You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using the Hugo Hyas starter kit and trying to get Decap CMS to work with builds on Netlify and authentication with Netilfy Identity. The CMS works fine locally using npx decap-server but fails in production due CSP violations. Problems with script-src, style-src, and img-source. The only way I was able to get it to work was by commenting out the entire CSP, so my netlify.toml file now looks like this:
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I'm using the Hugo Hyas starter kit and trying to get Decap CMS to work with builds on Netlify and authentication with Netilfy Identity. The CMS works fine locally using
npx decap-server
but fails in production due CSP violations. Problems withscript-src
,style-src
, andimg-source
. The only way I was able to get it to work was by commenting out the entire CSP, so mynetlify.toml
file now looks like this:Is this leaving my site vulnerable?
There's an old, still-open issue here about this, but I wasn't able to figure out any other actionable approach from it.
Has anyone else encountered and solved this?
Beta Was this translation helpful? Give feedback.
All reactions