Skip to content

Unrecognized Content-Security-Policy directive 'prefetch-src'. #627

Open
Open
Unrecognized Content-Security-Policy directive 'prefetch-src'.#627
@ramesh8830

Description

@ramesh8830
ramesh8830
opened on Jun 28, 2023

Deployed the server in production environment with metallb load balancer. But having issues with CORS.

Below are my CSP headers in webapp values.yaml

CSP_EXTRA_CONNECT_SRC: "https://*.example.com, wss://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_IMG_SRC: "https://*.example.com, wss://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_SCRIPT_SRC: "https://*.example.com, wss://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_DEFAULT_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_FONT_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_FRAME_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_MANIFEST_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_OBJECT_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_MEDIA_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_PREFETCH_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_STYLE_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_WORKER_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"

CORS Errors on the browser console

Unrecognized Content-Security-Policy directive 'prefetch-src'.

Access to XMLHttpRequest at 'https://api.example.com/api-version' from origin 'https://app.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
GET https://api.example.com/api-version net::ERR_FAILED 200

Kubernetes Version

:~# kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:15:20Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}

Wire Webapp Image used

image:
  repository: quay.io/wire/webapp
  tag: "2023-04-11-production.0-v0.31.13-0-bb91157"

Please help me fix the CORS issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions