Forge tunnel for CustomUI is not working (NS_ERROR_CONTENT_BLOCKED)

I can’t get the forge tunnel-CustomUI live update to work in one of my forge apps. Without the port setting in the manifest.yml file, the page is loaded. But it doesn’t load the changes to the customui. If I add resources/tunnel/port setting to the manifest.yml file, I get the following exception in the browser console; the page is not loaded at all.

Exception { name: "NS_ERROR_CONTENT_BLOCKED", message: "", result: 2153644038, filename: "http://localhost:8000/static/js/bundle.js", lineNumber: 35390, columnNumber: 0, data: null, stack: "WebSocketClient@http://localhost:8000/static/js/bundle.js:35390:19\ninitSocket@http://localhost:8000/static/js/bundle.js:36792:12\n./node_modules/webpack-dev-server/client/index.js?protocol=ws%3A&hostname=\noptions.factory@http://localhost:8000/static/js/bundle.js:46139:31\n__webpack_require__@http://localhost:8000/static/js/bundle.js:45596:33\n@http://localhost:8000/static/js/bundle.js:46719:30\n@http://localhost:8000/static/js/bundle.js:46723:12\n" }

Also on the forge console, it prints the falling warning.

Received proxy request. Serving file index.html for resource forge-terminal from specified address http://localhost:3000
CSP violation detected for 'connect-src' while serving content at http://localhost:8000/

I have added the following section to the manifest, build/redeploy/upgrade and it didn’t help.

      - "unsafe-inline"
      - "unsafe-inline"
      - "unsafe-eval"

I have cross-checked index.html, and manifest.yml files with a previous app but I couldn’t find a difference that may cause this issue.

I have the same issue and it seems it’s Firefox specific.

Thanks, it works with Chrome. But, I have other Forge applications, and they perfectly work on Firefox.

Hi I think I’ve seen this problem before.

Would you be able to let me know if this solution works for you?

Hi JoshuaHwang,
Thanks for your support. But it didn’t work, and the forge tunnel gives the following error.

 Invalid 'external.fetch.client' permission in the manifest.yml file - 'ws://localhost:3000'. Learn more about permissions at:  valid-permissions-required

Hmm that’s what the other person got as well. Lemme check if our validations are correct…


There was a security policy that prevented non-TLS websockets from being added. That policy still remains but for tunnelling we’re allowing localhost tunnelling.

Please download the latest version of the Forge CLI for it to work