How to dynamic load script in Custom UI by Webworker

NGPilot · March 13, 2025, 7:03am

I’m creating a custom UI app and for performance use a WebWorker to run computing logic in it, everything is OK but after deployed to development environment, it throws error:

Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/pdf.js/4.10.38/pdf.worker.min.mjs' because it violates the following Content Security Policy directive: "script-src 'self' https://forge.cdn.prod.atlassian-dev.net 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I’ve checked the official docs: https://developer.atlassian.com/platform/forge/manifest-reference/permissions/#:~:text=The%20permissions%20section%20of%20the%20manifest.yml%20file%20controls,the%20authenticated%20Product%20Fetch%20APIs%2C%20and%20Product%20events.

there’s nothing related to worker

Anyone knows how to make it?

AaronCollier · March 14, 2025, 11:14am

Seems like you want to set the scripts permissions (in particular unsafe-inline, which as might be seen from its name could be unsafe ): https://developer.atlassian.com/platform/forge/manifest-reference/permissions/#scripts

NGPilot · March 14, 2025, 12:35pm

Thanks for your reply, and I have already added this , it however throws the error

AaronCollier · March 14, 2025, 12:56pm

Did you set external scripts? https://developer.atlassian.com/platform/forge/manifest-reference/permissions/#scripts-1

NGPilot · March 15, 2025, 12:21am

Yes, I have done. Because this script is loaded in Webworker so permissions of Forge can not support ‘worker-src’ as ‘script-src’ to make it work.

I have tried to add all options in ‘script’ from docs but it throws error.

So I think maybe until now Forge don’t support Webworker.