CSP error locally

[Vakmeth]

If we execute docker compose up locally and create new credentials, the password is not blurred anymore. This is because of a CSP-Error (Content Security Policy) which blocks the the request which gets the font to blur out the password.

The CSP-Error can be viewed in the network console of the browser. The failing request is: http://localhost:4200/text-security-disc.woff2.

To finish this story we need to include localhost:4200 in the our content security policy to be able to fetch the fonts from it.

File which could help you:

• content_security_policy.rb

[njaeggi]

I am pretty sure we have to sue something like this

policy.font_src :self, 'http://localhost:4200' if Rails.env.development?

in our content_security_policy.rb

Maybe we can also disable CSP completely for local development, if that's possible

Important:

rebuild your docker when changing something in docker files or CSP settings. @mtnstar and me fixed the docker build by removing yarn and node from the rails Image and by upgrading puma