Sonar-custom-plugin-example and CSP

Hello,

I’m trying to set up sonar-custom-plugin-example in order to write a custom Administration page. I’ve followed the instructions here:

  • Installed a brand new SQ 10.6.0 CE server on my machine
  • Built the plugin with mvn package and deployed it to SQ (works without any issue, the admin page can be loaded at http://localhost:9000/admin/extension/example/admin_page)
  • Installed dependencies with npm install (just had to delete package-lock.json as it references JFrog.io and I don’t have an account there)
  • Started the local proxy with npm start

When I try to access http://localhost:3000/admin/extension/example/admin_page (so going through the proxy), I’m getting this message:

EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
    at Object.<anonymous> (admin_page.js:589:2)
    at __webpack_require__ (admin_page.js:556:30)
    at admin_page.js:579:37
    at admin_page.js:582:10

Is there a way to relax the CSP directives when in development mode?

Thanks

Gilles
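
An added example, not part of the original post or of the SonarSource example repository: a check that parses a CSP header value and reports whether a bundle containing `eval()` or `new Function()` wrappers would be refused under it, which is the situation the EvalError above describes. It assumes the error comes from a webpack development build whose `devtool` wraps modules in `eval()` (the page does not show the webpack config); the function names and the sample bundle are constructed for illustration.

```javascript
// Added example: would this CSP block an eval-based dev bundle?
// Parse a Content-Security-Policy value into Map(directive -> sources).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A directive repeated in one policy is ignored; the first one wins.
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// eval() is governed by script-src, falling back to default-src.
// With neither directive present, the policy does not restrict eval.
function allowsEval(header) {
  const policy = parseCsp(header);
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return true;
  return sources.some((s) => s.toLowerCase() === "'unsafe-eval'");
}

// Heuristic line scan (regex, not a JS parser) for string-to-code sinks.
const EVAL_SINKS = [
  { sink: 'eval()', re: /\beval\s*\(/ },
  { sink: 'new Function()', re: /\bnew\s+Function\s*\(/ },
];

function findEvalSinks(source) {
  const hits = [];
  source.split('\n').forEach((text, i) => {
    for (const { sink, re } of EVAL_SINKS) {
      if (re.test(text)) hits.push({ line: i + 1, sink });
    }
  });
  return hits;
}

// blocked is true when the bundle has eval-style sinks the policy refuses.
function checkBundle(cspHeader, source) {
  const sinks = findEvalSinks(source);
  return { sinks, blocked: sinks.length > 0 && !allowsEval(cspHeader) };
}

// Constructed sample in the style of webpack's eval devtool output.
const SAMPLE_EVAL_BUNDLE = 'var __webpack_modules__ = {\n' +
  '  "./src/admin_page.js": (module) => {\n' +
  '    eval("module.exports = 1;");\n  }\n};';
console.log(checkBundle("script-src 'self'", SAMPLE_EVAL_BUNDLE));
```

A bundle built with a non-eval `devtool` value such as `source-map` contains no such wrappers and passes this check without loosening the policy.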

Hello @gquerret ,

Thanks for your report, and sorry it took so long to come back to you! I’ve created SONAR-24045 to take a look and you can expect a fix to be pushed to the example repository in the upcoming days.

Feel free to integrate the fix in your own project already.


Thank you, I’ll try that!
