You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to apply the strict CSP rules by following the official NextJs guide here. The application works correctly but I am getting CSP violation errors on the console for loading these scripts under the <head> tag:
These scripts are related to components loaded dynamically through the dynamic NextJs function and I believe the issue might be caused by the function calling the preload functionality from react-dom (see call here).
After some more investigation, I found out that the issue only happens when loading lazy loaded component on client components and not server components.
Has anyone encountered this issue before? Any suggestions for resolving it?
Additional information
Error message:
Refused to load the script '[...]/_next/static/chunks/5181.b2b6479db294829d.js' because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-ODk0MDZiZTUtMDUzYy00OTBlLTlhYTUtMzgzYzVjM2QyNmFi' https: 'strict-dynamic'". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Summary
I am trying to apply the strict CSP rules by following the official NextJs guide here. The application works correctly but I am getting CSP violation errors on the console for loading these scripts under the
<head>tag:These scripts are related to components loaded dynamically through the
dynamicNextJs function and I believe the issue might be caused by the function calling thepreloadfunctionality fromreact-dom(see call here).After some more investigation, I found out that the issue only happens when loading lazy loaded component on client components and not server components.
Has anyone encountered this issue before? Any suggestions for resolving it?
Additional information
Error message:
Example
Codesandbox Link: https://codesandbox.io/p/devbox/9ymssd
Beta Was this translation helpful? Give feedback.
All reactions