Strict Content Security Policies Cause Malfunctions

Troubleshooting

Summary

Serving the JavaScript files of the evaluation version of yFiles for HTML with an overly strict Content Security Policy (CSP) can trigger the hard evaluation time expiry check. The error "yFiles for HTML hard evaluation time expired" is reported and yFiles functionality stops working.

Description

The evaluation version of yFiles for HTML contains code that cannot be executed under a restrictive CSP that does not allow 'unsafe-eval'. This results in a misleading error message stating that the "hard evaluation time expired" for yFiles for HTML.

The console should contain a warning or error message indicating that the true cause of the "hard expiry" is the CSP, which prevented the code from executing properly. Please make sure that the yFiles for HTML JavaScript files are served with a Content-Security-Policy that includes at least 'self', 'unsafe-eval', and 'unsafe-inline'.
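To check a policy before deploying it, the following added example (not yWorks code) parses a Content-Security-Policy header value and reports which of the three sources named above are missing. It assumes the relevant directive is script-src with fallback to default-src; the function names and the sample policies are made up for illustration. It also flags the case where 'unsafe-inline' is listed but ignored by browsers because a nonce or hash source is present.

```javascript
// Added example (not yWorks code): check whether a CSP header value lists
// the sources this article names: 'self', 'unsafe-eval', 'unsafe-inline'.
const REQUIRED = ["'self'", "'unsafe-eval'", "'unsafe-inline'"];

// Parse "directive value value; directive value" into a Map of source lists.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1).map(t => t.toLowerCase()));
  }
  return directives;
}

function checkYfilesEvalCsp(header) {
  const csp = parseCsp(header);
  // Assumption: script execution is what matters; script-src falls back to default-src.
  const directive = csp.has("script-src") ? "script-src"
                  : csp.has("default-src") ? "default-src" : null;
  if (directive === null) {
    return { directive, ok: true, missing: [], notes: ["no script restriction in this policy"] };
  }
  const sources = csp.get(directive);
  const missing = REQUIRED.filter(k => !sources.includes(k));
  const notes = [];
  // When a nonce or hash source is present, browsers ignore 'unsafe-inline'.
  if (sources.includes("'unsafe-inline'") &&
      sources.some(s => /^'(nonce-|sha(256|384|512)-)/.test(s))) {
    notes.push("'unsafe-inline' is ignored because a nonce or hash source is present");
  }
  return { directive, ok: missing.length === 0 && notes.length === 0, missing, notes };
}

// Constructed sample policies, not taken from any real deployment.
const SAMPLES = [
  "default-src 'self'",
  "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
  "script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-EXAMPLE'",
];
for (const p of SAMPLES) console.log(p, "=>", JSON.stringify(checkYfilesEvalCsp(p)));
```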

If you cannot get rid of the exception, please contact our support team for further help.

Categories this article belongs to:
yFiles for HTML > Other
Applies to:
yFiles for HTML: 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6
Keywords:
CSP - evaluation - expired - hard - unsafe-eval - unsafe-inline - default-src - policy - security