Strict Content Security Policies Cause Malfunctioning

Troubleshooting

Summary

Using a strict content security policy setting when serving the evaluation version of yFiles for HTML JavaScript files can trigger premature evaluation time expiry checks. The error message "yFiles for HTML hard evaluation time expired" will appear, and yFiles functionality will stop working.

For a better user experience, please go to the integrated documentation viewer to read this article.

Description

The evaluation version of yFiles for HTML includes code that cannot run under restricted CSP policies that have 'unsafe-eval' disabled. This will cause a misleading error message, indicating that the "hard evaluation time expired" for yFiles for HTML.

The console should display a warning or error message indicating that the true cause for the "hard expiry" is the CSP, which prevented the code from executing properly. Ensure that yFiles for HTML JavaScript files are served with a Content-Security-Policy that includes, at a minimum, 'self', 'unsafe-eval', and 'unsafe-inline'.

If you cannot resolve the exception, contact our support team for assistance.

Categories this article belongs to:

yFiles for HTML > Other

Applies to:

yFiles for HTML: 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 3.0

Keywords:

CSP - evaluation - expired - hard - unsafe-eval - unsafe-inline - default-src - policy - security