I need help for the dynamic loading of javascripts in Eclipse Scout.
So I already have a javascript that is called from an index.ts to put the scripts and the meta tag for CSP in the head section. There are many examples of how this can be done.
My problem is rather that ‘unsafe’ is usually used for local projects etc., which in my case is not the case. And even if I use the examples without ‘unsafe’, e.g.
const meta = document.createElement('meta');
meta.httpEquiv = "Content-Security-Policy";
meta.content = "script-src 'self' /myDirectory/myFile.js;"
document.head.appendChild(meta);
it simply does not work on my domain. The relative path is definitely correct, because if I write ./ as a relative path, for example, I am told that the script was not found or is an invalid source.
And the meta tag, as well as the script tags, are also inserted in the head area, except that the scripts are not loaded because of the CSP error.
My error message looks like this: "Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."
I had also thought about allowing the scripts for Eclipse Scout, unfortunately I have not yet found a way to do this, if it is possible at all.
In principle, I would also assume that the time interval between inserting the script tag, meta tag for CSP and loading the scripts does not fit, but since I am not particularly experienced in this area, I cannot say any more about this.
I solved the problem.
I just have to add the paths I need, in the ‘getFilterExludes’ method in UiServletContributors (version 24 and higher).