CodeIgniter Forums

Full Version: CSP Error in toolbarloader.js.php (updated)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi there,

I'm testing the latest version of CodeIgniter 4 (created new project using composer), and hit a snag immediately after enabling CSP.  And I have been searching for the answer for a couple of hours already.

I had like 60+ CSP errors in the console, but most of them was due to Grammarly plugin (as somebody mention it in stackoverflow) in Chrome so I uninstalled it. And now I'm down to 1 (one) error in CSP.

Here is a screenshot: https://pasteboard.co/IDPAxct.png (i am not sure on how to embedded a picture here..)

and it was pointing to this code (in toolbarloader.js.php)

Code:
            // check for last style block
            {
                let PosBeg = responseText.indexOf( '>', responseText.lastIndexOf( '<style' ) ) + 1;
                let PosEnd = responseText.indexOf( '</style>', PosBeg );
                document.getElementById( 'debugbar_dynamic_style' ).innerHTML += responseText.substr( PosBeg, PosEnd - PosBeg );
                responseText = responseText.substr( 0, PosBeg + 8 );
            }

            toolbar.innerHTML = responseText; <-- points to this, line 50 in the file
            if (typeof ciDebugBar === 'object') {
                ciDebugBar.init();
            }




I am not sure how to proceed to make sure the CSP error won't generate.

Will somebody please point me to the right direction in fixing the CSP error?
You should upload your image as an attachment, and then "insert" it into the post.
Whatever technique you used didn't work Sad
(10-26-2019, 03:06 PM)ciadmin Wrote: [ -> ]You should upload your image as an attachment, and then "insert" it into the post.
Whatever technique you used didn't work Sad
sorry will I will update the image Sad
Ok.. for now what I did is if the ENVIRONMENT is production, enable CSP in the config, else disable it so that the Debug Toolbar would work.

I hope there is a fix here so not to keep on toggling CSP just to test the pages if CSP has been correctly set.