Which Cloudflare product(s) does this pertain to?
Wrangler core
What version(s) of the tool(s) are you using?
3.22.3 [Wrangler]
What version of Node are you using?
21.4.0
What operating system are you using?
Mac
Describe the Bug
When accessing https://devtools.devprod.cloudflare.dev/ with another layer of DevTools open, I see the following error in the JS console: The Content-Security-Policy directive 'script-src' contains 'script-src' as a source expression. Did you want to add it as a directive and forget a semicolon?.
The error corresponds to this line from the wrangler-devtools patch: https://github.com/cloudflare/workers-sdk/blob/main/packages/wrangler-devtools/patches/0015-Basic-support-for-Safari.patch#L33
Based on the CSP: script-src docs, I think getting rid of the 2nd script-src should fix the CSP:
-<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'sha256-nR3ouvAaRD5oAvx24d8aFSv1EH9XKi9uVvoOsvVuW8U=' script-src 'sha256-AIRkz8wOl/LgmUJduw9AsUnrb94PlBpePfk0Rowm+Vo=' 'self' 'unsafe-eval' https://chrome-devtools-frontend.appspot.com">
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'sha256-nR3ouvAaRD5oAvx24d8aFSv1EH9XKi9uVvoOsvVuW8U=' 'sha256-AIRkz8wOl/LgmUJduw9AsUnrb94PlBpePfk0Rowm+Vo=' 'self' 'unsafe-eval' https://chrome-devtools-frontend.appspot.com">
Please provide a link to a minimal reproduction
No response
Please provide any relevant error logs
js_app:43
The Content-Security-Policy directive 'script-src' contains 'script-src' as a source expression. Did you want to add it as a directive and forget a semicolon?
Which Cloudflare product(s) does this pertain to?
Wrangler core
What version(s) of the tool(s) are you using?
3.22.3 [Wrangler]
What version of Node are you using?
21.4.0
What operating system are you using?
Mac
Describe the Bug
When accessing https://devtools.devprod.cloudflare.dev/ with another layer of DevTools open, I see the following error in the JS console:
The Content-Security-Policy directive 'script-src' contains 'script-src' as a source expression. Did you want to add it as a directive and forget a semicolon?.The error corresponds to this line from the wrangler-devtools patch: https://github.com/cloudflare/workers-sdk/blob/main/packages/wrangler-devtools/patches/0015-Basic-support-for-Safari.patch#L33
Based on the CSP: script-src docs, I think getting rid of the 2nd
script-srcshould fix the CSP:Please provide a link to a minimal reproduction
No response
Please provide any relevant error logs
js_app:43
The Content-Security-Policy directive 'script-src' contains 'script-src' as a source expression. Did you want to add it as a directive and forget a semicolon?