reactjs - Refused to load the image because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data:"

I'm building an application that uses Electron Forge, React and Leaflet to display maps. However, when adding a map to my page, the following error is displayed in the console:

Refused to load the image 'https://b.tile.openstreetmap.org/13/4093/2724.png' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

forge.config.ts

import type { ForgeConfig } from '@electron-forge/shared-types';
import { MakerSquirrel } from '@electron-forge/maker-squirrel';
import { MakerZIP } from '@electron-forge/maker-zip'; import { MakerDeb } from '@electron-forge/maker-deb'; import { MakerRpm } from '@electron-forge/maker-rpm'; import { AutoUnpackNativesPlugin } from '@electron-forge/plugin-auto-unpack-natives'; import { WebpackPlugin } from '@electron-forge/plugin-webpack'; import { FusesPlugin } from '@electron-forge/plugin-fuses'; import { FuseV1Options, FuseVersion } from '@electron/fuses';

import { mainConfig } from './webpack.main.config'; import { rendererConfig } from './webpack.renderer.config';

const config: ForgeConfig = {
packagerConfig: {
asar: true,
},
rebuildConfig: {},
makers: [new MakerSquirrel({}), new MakerZIP({}, ['darwin']), new MakerRpm({}), new MakerDeb({})],
plugins: [
new AutoUnpackNativesPlugin({}),
new WebpackPlugin({
mainConfig,
devContentSecurityPolicy:
"default-src 'self' https://unpkg.com/[email protected]/dist/leaflet.js 'unsafe-inline'; style-src-elem 'self' https://unpkg.com/[email protected]/dist/leaflet.css 'unsafe-inline';script-src-elem 'self' https://unpkg.com/[email protected]/dist/leaflet.js 'unsafe-inline'; img-src 'self' * data:;",
renderer: {
config: rendererConfig,
entryPoints: [
{
html: './src/index.html',
js: './src/renderer.ts',
name: 'main_window',
preload: {
js: './src/preload.ts',
},
},
],
},
}),
// Fuses are used to enable/disable various Electron functionality
// at package time, before code signing the application
new FusesPlugin({
version: FuseVersion.V1,
[FuseV1Options.RunAsNode]: false,
[FuseV1Options.EnableCookieEncryption]: true, [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
[FuseV1Options.EnableNodeCliInspectArguments]: false,
[FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true,
[FuseV1Options.OnlyLoadAppFromAsar]: true,
}),
],
};

export default config;

The expected behavior would be for the map to display correctly, but I am only seeing errors when loading images.

edited Jul 6 at 0:08

Ken White

125k15 gold badges231 silver badges458 bronze badges

asked Jul 5 at 23:10

Felipe César

Add a comment |

Collectives™ on Stack Overflow

Refused to load the image because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data:"

0

Browse other questions tagged
reactjs
electron
leaflet
content-security-policy
electron-forge
or ask your own question.

Hot Network Questions

Collectives™ on Stack Overflow

0

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Browse other questions tagged reactjselectronleafletcontent-security-policyelectron-forge or ask your own question.

Browse other questions tagged
reactjs
electron
leaflet
content-security-policy
electron-forge
or ask your own question.