React Heroku Integration

modimo · August 3, 2022, 4:01pm

I am trying to deploy a mern full stack app with mapbox on heroku where you can add pins with react-map-gl and it does not seem to display the map after login or registration and I get csp errors. I think if I solve those mapbox would show.

The Content-Security-Policy directive name ‘‘unsafe-inline’’ contains one or more invalid characters. Only ASCII alphanumeric characters or dashes ‘-’ are allowed in directive names.

index.js:89 Refused to create a worker from 'blob:https://map-add-pins.herokuapp.com/ca369312-252f-4be1-85be-9bc4b47805a7’ because it violates the following Content Security Policy directive: “script-src ‘self’”. Note that ‘worker-src’ was not explicitly set, so ‘script-src’ is used as a fallback.

I tried to add this meta tag in my index.html to offset the csp but that did not solve the issue. When I login or register the map should load like in localhost.

<meta http-equiv="Content-Security-Policy" content="'unsafe-inline' blob:;">

my heroku link to see issue: https://map-add-pins.herokuapp.com

modimo · August 4, 2022, 6:57pm

I am still struggling to come up with a solution for a csp policy that can load my map.

lasjorg · August 4, 2022, 9:34pm

The docs have a list of directives

modimo · August 5, 2022, 7:04am

Okay I looked at the docs and tried some methods that did not work. I tried to create custom meta tag in my index.html but I still get the same error with blob.

<meta http-equiv="Content-Security-Policy" content="default-src 'self';
script-src 'report-sample' 'self' https://api.mapbox.com/mapbox.js/v3.3.1/mapbox.js;
style-src 'report-sample' 'self' https://api.mapbox.com;
object-src 'none';
base-uri 'self';
connect-src 'self' https://api.mapbox.com;
font-src 'self';
frame-src 'self';
img-src 'self';
manifest-src 'self';
media-src 'self';
worker-src blob:;">

I also tried to do it through node with my index.js

app.use(function(req, res, next) {
  res.setHeader("content-security-policy-report-only", "worker-src blob: ; child-src blob: ; img-src data: blob: ; connect-src https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com ;")
  next();
});

lasjorg · August 5, 2022, 4:29pm

You can try using the csp worker

I doubt I can troubleshoot this without a reproducible example and I’m not registering a mapbox account (I’m not giving them my credit card just to test this).

modimo · August 5, 2022, 7:08pm

That solution also does not work I will try to find a way to solve this.

modimo · August 12, 2022, 7:23pm

Instead I deployed the frontend of the application to netlify and the backend to heroku and that solved the issue with the map.

system · February 11, 2023, 7:24am

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Heroku Map Refuses Script JavaScript	1	255	February 1, 2023
25+5 and codepen problem, help needed, frustrated JavaScript	6	404	June 11, 2023
React app & CSP	3	1882	January 16, 2021
Mern + heroku causing api routes to go to static html page instead	3	523	June 1, 2021
CSP Directive for javascript blob originating from own website? JavaScript	1	718	February 2, 2021

React Heroku Integration

Related topics