Skip to content

Comments

docs: add cdn.jsdelivr.net to connect-src#1398

Open
timothymcmackin wants to merge 1 commit intomainfrom
tpm/biel-csp-error
Open

docs: add cdn.jsdelivr.net to connect-src#1398
timothymcmackin wants to merge 1 commit intomainfrom
tpm/biel-csp-error

Conversation

@timothymcmackin
Copy link
Collaborator

@timothymcmackin timothymcmackin commented Nov 24, 2025

We're getting CSP errors for the Biel script on https://cdn.jsdelivr.net getting blocked:

image

This adds that domain to the CSP settings. It fixed the issue on docs.tezos.com: https://gitlab.com/tezos/docs/-/merge_requests/109

@codecov
Copy link

codecov bot commented Nov 24, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.16%. Comparing base (8515569) to head (fbf7f48).

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8515569...fbf7f48. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@huancheng-trili
Copy link
Collaborator

huancheng-trili commented Nov 24, 2025

How do I observe this error? I don't see it in prod right now.

@timothymcmackin
Copy link
Collaborator Author

timothymcmackin commented Nov 24, 2025

How do I observe this error? I don't see it in prod right now.

I see it in prod on Chrome on MacOS when I press option+command+i to open the console:

Screenshot 2025-11-24 at 11 30 25 AM

@huancheng-trili
Copy link
Collaborator

huancheng-trili commented Nov 24, 2025

Yes I did that too, but I don't see the errors in dev tools. It shows instead that GET https://cdn.jsdelivr.net/npm/biel-search@latest/dist/biel-search/biel-search.css returns 200. What if you disable cache and refresh the page?

@timothymcmackin
Copy link
Collaborator Author

timothymcmackin commented Nov 24, 2025

Yes I did that too, but I don't see the errors in dev tools. It shows instead that GET https://cdn.jsdelivr.net/npm/biel-search@latest/dist/biel-search/biel-search.css returns 200. What if you disable cache and refresh the page?

Strange. I still see it in Chrome after deleting site data., hard-refreshing, and opening in an incognito window.

@huancheng-trili
Copy link
Collaborator

huancheng-trili commented Nov 24, 2025

Indeed. I do see a different error with docs.tezos.com though.

Refused to load the script 'https://us-assets.i.posthog.com/static/array.js' because it violates the following Content Security Policy directive: "script-src https://*.googletagmanager.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@huancheng-trili huancheng-trili Awaiting requested review from huancheng-trili

At least 1 approving review is required to merge this pull request.

Assignees

@huancheng-trili huancheng-trili

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@timothymcmackin @huancheng-trili