Content Security Policy violation problem in a fresh Ember app


#1

Grettings, Ember-community

At the moment I’ve almost reached the “desperate” mood. 3 days ago I wanted to get started with Ember by creating a small prototype, but at one point I faced “a wall”. I don’t have developer-friends who worked with ember, I’ve googled for solutions and asked smart guys from StackOverflow as well.

I’ll explain my current situation I would be infinitely glad if someone would be able to suggest a solution.

My environment:

  • Mac, OS X (10.10.3)
  • ember -v: 0.2.3
  • node -v: 0.12.2
  • npm -v: 2.7.6

I installed ember-cli, created a new app, started the server:

$ npm install -g ember-cli

$ ember new my-app

$ cd my-app

$ ember server

Afterwards I visit the url http://localhost:4200/ and see Welcome to Ember.js.

The next step is to “try and change” this text. So I go to application.hbs and change the content of the file to:

Welcome to Ember.js, BRO

{{outlet}}

So I return to the browser, refresh the page and nothing has changed. No errors in browser’s console. Nevertheless in terminal I get messages like

Content Security Policy violation: {}

I tried to delete the CSP line from package.json - nothing. But anyway “Removing the check that’s warning you of vulnerabilities doesn’t count as fixing your vulnerabilities” ©

I have no clue what to try and where to search

Thank you in advance,

Ted


#2

A fresh app should not have CSP warnings. Please test in an incognito window (without browser extensions). These warnings on a fresh app are often caused by chrome/Firefox extensions mis-behaving.


#3

Nope, the content remains static and terminal produces those warnings:

Content Security Policy violation: {}

Content Security Policy violation: {}

Checked in:

  • Incognito mode in Chrome: 42.0.2311.90
  • Safari: 8.0.5

#4

Some additional info:

I figured out that the problem is that the ember app does not “hear” the trigger, when a file has been changed. I don’t receive a

file changed templates/application.hbs

notification in the terminal. Something globally is blocking or interrupting the regular app run.

Still looking forward receiving your suggestions !


#5

Update. Temporary fix found: Starting the server with

ember server --watcher=polling

Still searching for the answer what is blocking the events of the file system


#6

Did you get anywhere with this?

After fixing all browser console errors for the security policies, I’m seeing the same in the ember server output: Content Security Policy violation: {}

Since it’s empty, is there anything to be concerned about?

thx


#7

I am also having similar issues.

$ ember --version
version: 1.13.1
node: 0.12.6
npm: 2.12.1

$ watchman --version
3.3.0

However ember server --watcher=polling did not seem to resolve anything for me, nor did the incognito window.

Any ideas?