1

STrapi page is working correctly for me on local host but when i hosted it on replit it gives these errors

main.9c01de7f.js:2981 Refused to connect to 'http://localhost:1337/admin/project-type' because it violates the following Content Security Policy directive: "connect-src 'self' https:".

(anonymous) @ main.9c01de7f.js:2981
main.9c01de7f.js:171 oe
(anonymous) @ main.9c01de7f.js:171
main.9c01de7f.js:3929 Refused to connect to 'http://localhost:1337/admin/init' because it violates the following Content Security Policy directive: "connect-src 'self' https:". 

The code can be seem here https://replit.com/@MAAZ-GAMERGAMER/SelfreliantEdibleDatalog?v=1
Maaz Saeed
  • 31
  • 2

1 Answers1

0

Strapi enforces CSP in the backend.

in your my-project add the following in /config/middlewares.js

{
    name: 'strapi::security',
    config: {
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
          'connect-src': ["'self'", 'http:', 'https:'],
          upgradeInsecureRequests: null,
        },
      },
    },
  },

The file would look like this:

module.exports = [
  'strapi::errors',
{
    name: 'strapi::security',
    config: {
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
          'connect-src': ["'self'", 'http:', 'https:'],
          upgradeInsecureRequests: null,
        },
      },
    },
  },
  'strapi::cors',
  'strapi::poweredBy',
  'strapi::logger',
  'strapi::query',
  'strapi::body',
  'strapi::session',
  'strapi::favicon',
  'strapi::public',
];
Sanket
  • 344
  • 2
  • 6