I’m trying to get web assembly to load in my custom UI app, and I have the following in my manifest:
I’m still getting this error:
WebAssembly.instantiate(): Refused to compile or instantiate WebAssembly module because ‘unsafe-eval’ is not an allowed source of script in the following Content Security Policy directive: “script-src ‘self’ https://forge.cdn.prod.atlassian-dev.net”).
I don’t think that Forge will allow unsafe-eval. You’ll want to use JSON.parse or similar library.
Thanks @danielwester - yeah I can’t tell if it is meant to work or not. It is documented in the Permissions page for the Forge manifest here https://developer.atlassian.com/platform/forge/manifest-reference/permissions/#content-permissions
And this ticket leads me to believe it is supported and could be improved: [FRGE-1030] - Ecosystem Jira
@AdamMoore might be able to comment.
I’ve created a really simple Custom UI App, the content is in the following screenshot:
Initially that application was failing with the error message:
CompileError: WebAssembly.instantiateStreaming(): Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://forge.cdn.stg.atlassian-dev.net"
but after adding the following permission the application worked as expect (as seen in the previous screenshot):
I’ve had to redeploy and upgrade my application after adding the permissions into the
manifest.yml file so that the application is using the latest permissions:
forge instal --upgrade
Would you be able to confirm that you’ve done a redeploy and upgrade on your application?
If you’re still experiencing the problem, would you be able to provide a cut down version of your code so that I can replicate the problem?
Thanks @CameliaGao for the response!
I finally figured out the problem: I was using a web worker, and it has it’s own security context if not loaded using a blob. Switching my worker to use a blob allowed it to use the CSP from the main app.
Thanks so much for your help!