[Web] App violates Content Security Policy #80221
Description
Steps to Reproduce
- Create a template app with
flutter create bug. flutter build web --csp- Run built app on a server with SSL/TLS configured
Expected results:
App to run normally.
Actual results:
Browser throws error
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' http: https: data: blob: 'unsafe-inline'".
The inline string indicated is
"try {return this===window;}catch(e){ return false;}"Note
Building with the flutter build web --csp --web-renderer html mitigates this issue.
flutter doctor
[✓] Flutter (Channel beta, 2.1.0-12.2.pre, on macOS 11.2.3 20D91 darwin-x64, locale en-GB)
• Flutter version 2.1.0-12.2.pre at /Users/ytt/Library/Flutter
• Framework revision 5bedb7b1d5 (4 weeks ago), 2021-03-17 17:06:30 -0700
• Engine revision 711ab3fda0
• Dart version 2.13.0 (build 2.13.0-116.0.dev)
[!] Android toolchain - develop for Android devices (Android SDK version 29.0.2)
• Android SDK at /Users/ytt/Library/Android/sdk
• Platform android-29, build-tools 29.0.2
• ANDROID_HOME = /Users/ytt/Library/Android/sdk
• Java binary at: /Users/ytt/Library/Application
Support/JetBrains/Toolbox/apps/AndroidStudio/ch-0/202.7188722/Android Studio 4.2
Preview.app/Contents/jre/jdk/Contents/Home/bin/java
• Java version OpenJDK Runtime Environment (build 11.0.8+10-b944.6916264)
✗ Android license status unknown.
Run `flutter doctor --android-licenses` to accept the SDK licenses.
See https://flutter.dev/docs/get-started/install/macos#android-setup for more details.
[!] Xcode - develop for iOS and macOS
• Xcode at /Applications/Xcode.app/Contents/Developer
• Xcode 12.4, Build version 12D4e
✗ CocoaPods not installed.
CocoaPods is used to retrieve the iOS and macOS platform side's plugin code that responds to
your plugin usage on the Dart side.
Without CocoaPods, plugins will not work on iOS or macOS.
For more info, see https://flutter.dev/platform-plugins
To install see https://guides.cocoapods.org/using/getting-started.html#installation for
instructions.
[✓] Chrome - develop for the web
• Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[✓] Android Studio
• Android Studio at /Users/ytt/Library/Application
Support/JetBrains/Toolbox/apps/AndroidStudio/ch-0/202.7188722/Android Studio 4.2
Preview.app/Contents
• Flutter plugin can be installed from:
🔨 https://plugins.jetbrains.com/plugin/9212-flutter
• Dart plugin can be installed from:
🔨 https://plugins.jetbrains.com/plugin/6351-dart
• Java version OpenJDK Runtime Environment (build 11.0.8+10-b944.6916264)
[✓] IntelliJ IDEA Ultimate Edition (version 2020.3.3)
• IntelliJ at /Users/ytt/Applications/JetBrains Toolbox/IntelliJ IDEA Ultimate.app
• Flutter plugin can be installed from:
🔨 https://plugins.jetbrains.com/plugin/9212-flutter
• Dart plugin can be installed from:
🔨 https://plugins.jetbrains.com/plugin/6351-dart
[✓] VS Code (version 1.53.1)
• VS Code at /Applications/Visual Studio Code.app/Contents
• Flutter extension can be installed from:
🔨 https://marketplace.visualstudio.com/items?itemName=Dart-Code.flutter
[✓] Connected device (1 available)
• Chrome (web) • chrome • web-javascript • Google Chrome 89.0.4389.114
! Doctor found issues in 2 categories.