Strict Content Security Policies cause malfunctioning
TroubleshootingSummary
Serving the evaluation version of yFiles for HTML JavaScript files with a too strict content security policy setting can cause hard evaluation time expiry checks to trigger.
"yFiles for HTML hard evaluation time expired" will be reported and yFiles functionality will cease to work.
Description
The evaluation version of yFiles for HTML contains code that cannot be executed under restricted CSP policies that have 'unsafe-eval'
disabled. This will cause a misleading error message, saying that the "hard evaluation time expired" for yFiles for HTML.
The console should contain a warning or error message indicating that the true cause for the "hard expiry" is the CSP that prevented the code from properly executing. Please make sure that yFiles for HTML JavaScript files are served with a Content-Security-Policy
that includes 'self'
, 'unsafe-eval'
, and 'unsafe-inline'
, at least.
Categories this article belongs to:
yFiles for HTML > Other
Applies to:
yFiles for HTML: 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6
Keywords:
CSP - evaluation - expired - hard - unsafe-eval - unsafe-inline - default-src - policy - security