Forge app loads normally on Chrome, Mozilla, Edge, Opera browsers but i get “Refused to Execute a Script” and failed to load resource error on Safari browser. My manifest.yml and index.html are as follows;
What script are you trying to run here that is being blocked?
Note that we serve all custom UI files with a Content-Security-Policy header.
In your second message, that error is for a sourcemap file, and is expected as we do not deploy the sourceMap file. However, this does not have any effect on the execution of your app otherwise.
I’m seeing something similar on the app I building. It’s a jira:customFieldType, the view, using CustomField, loads fine, the Edit modal, which is React using atlaskit, throws these errors:
It works in other browsers. As another data point, it doesn’t work in Brave with “Shields Up” (default privacy settings), but does with “Shields Down”.
For deployed custom UI apps, in Safari and Brave (shields up or down), apps work without issue.
For tunneled custom UI apps, in Safari and Brave (shields up), apps do not work.
For Brave, as a workaround, you can use “shields down”, or specify “Allow all trackers & ads”.
For Safari, there is no workaround as the option to view “mixed content” is not available. In this case, the host app (https://site.atlassian.net) is trying to show an insecure (http://localhost:8***) frame. You can try use a different browser for tunnelling.
I’ve created this ticket for us to consider serving tunnelled custom UI apps over HTTPS which I believe should avoid this issue. [FRGE-689] - Ecosystem Jira
Can you confirm that even with your tunnel closed, the page is attempting to fetch from localhost:8001? There shouldn’t be any requests to localhost if your app is not currently being tunnelled.