5

I'm trying to use web workers in lightning component. Using them in lightning component directly fails due to LockerService. Another option of using them inside the newly available lightning:container fails due to CSP rules. Don't know if it matters but I'm using a patch org and developing a managed packed.

The issue I'm getting is:

Refused to create a worker from 'blob:https://xxxx.container.lightning.com/0487b8bd-d72f-4859-a0b7-0b2608a108c0' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension: https://zzzz.net *.na55.visual.force.com https://ssl.gstatic.com/accessibility/ 'nonce-yyyy'". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

I've created a manifest.json file inside the resource with the following content according to the following documentation:

{
  "landing-pages" : [
    {
      "path": "index.html",
      "content-security-policy-type": "custom",
      "content-security-policy": "script-src *;"
    }
  ]
}

It seems that my manifest.json is being ignored. Here is the CSP request that is being sent:

{"csp-report":{"document-uri":"https://xxxx.container.lightning.com/lcc/0000/xxxxx/index.html?sfdcIFrameOrigin=https%3A%2F%2Fxxxx.lightning.force.com","referrer":"https://xxxx.lightning.force.com/","violated-directive":"worker-src","effective-directive":"worker-src","original-policy":"default-src 'self'; script-src  'self' chrome-extension: https://zzzz.net *.na55.visual.force.com https://ssl.gstatic.com/accessibility/ 'nonce-yyyy'; object-src 'self' https://xxxx.na55.content.force.com; style-src 'self' chrome-extension: 'unsafe-inline' *.na55.visual.force.com; img-src 'self' http: https: data: blob: *.na55.visual.force.com; media-src 'self' https://xxxx.na55.content.force.com *.na55.visual.force.com; frame-ancestors https://xxxx.lightning.force.com; frame-src https: mailto: *.na55.visual.force.com; font-src 'self' https: data: *.na55.visual.force.com; connect-src 'self' https://api.bluetail.salesforce.com https://staging.bluetail.salesforce.com https://preprod.bluetail.salesforce.com *.na55.visual.force.com; report-uri /_/csp","disposition":"enforce","blocked-uri":"blob","line-number":1,"column-number":31921,"source-file":"https://xxxx.container.lightning.com/lcc/0000/xxxxx/all.min.js","status-code":0,"script-sample":""}}

I would like to get Web Workers working in SalesForce lightning component, one way or another. Anyone had similar situation?

ipetrovych
  • 81
  • 3

0 Answers0