Apollo-client-devtools: Content Security Policy issue with version 2.1.0

Created on 2 Feb 2018  路  7Comments  路  Source: apollographql/apollo-client-devtools

Hi,

just wanted to report this error that I'm getting on 2.1.0

My site is using some CSP headers and the console is now filled with these. It still works though so it's not a major thing.

Refused to connect to 'https://devtools.apollodata.com/graphql' because it violates the following Content Security Policy directive: "connect-src 'self' ws: localhost:3000".

Uncaught (in promise) TypeError: Failed to fetch
    at <anonymous>:1:904
    at n.checkVersions (backend.js:1)
    at n.initBackend (backend.js:1)
    at e (backend.js:1)
    at e (backend.js:1)

Most helpful comment

turns out it sends usage info to Google Analytics too :/

i can't use a browser extension that phones home on my work computer. until this issue is fixed i'm using a fork that doesn't include analytics.

All 7 comments

@jole78 interesting! I'll get a fix out ASAP! Thanks!

@jbaxleyiii can confirm it now works on 2.1.1 ...thx...closing the issue!

@jbaxleyiii sorry...I spoke too soon...still errors on 2.1.1 (maybe the fix wasn't in that release after all).

@jbaxleyiii why would the Apollo Dev Tools extension need to talk to apollodata.com? Analytics?

Same question, is it really necessary? Can I opt-out?

turns out it sends usage info to Google Analytics too :/

i can't use a browser extension that phones home on my work computer. until this issue is fixed i'm using a fork that doesn't include analytics.

Can confirm current issue still exists in version v2.2.2

Was this page helpful?
0 / 5 - 0 ratings

Related issues

iki picture iki  路  7Comments

ryannealmes picture ryannealmes  路  5Comments

pavanmehta91 picture pavanmehta91  路  7Comments

glauberfc picture glauberfc  路  5Comments

jeffdesign picture jeffdesign  路  5Comments