Uploaded image for project: 'Red Hat Developer Hub Bugs'
  1. Red Hat Developer Hub Bugs
  2. RHDHBUGS-2258

Remove setting custom csp script-src rules in RHDH lightspeed

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • 1.8.0
    • UI
    • None
    • RHDH F&UI plugins 3283

      Description of problem: 

       

      Developer lightspeed uses custom csp to make monaco editor functional when we preview the uploaded files. This custom csp rule breaks other components in the backstage like EntityAboutCard and Scaffolder actions.

       

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      • Follow the lightspeed documentation to enable developer lightspeed.
      • Visit Profile page or register a template.

      Actual results:

       

      UI breaks with an error

      aluating a string as JavaScript violates the following Content Security Policy directive because 'unsafe-eval' is not an allowed source of script: script-src 'self' https://cdn.jsdelivr.net".

       

       

      Expected results:

      • Should not set CSP explicitly.{}
      • My profie and scaffolder actions should be fully functional

      Reproducibility (Always/Intermittent/Only Once): 

       

      Always

       

      Build Details: 1.8

      Additional info (Such as Logs, Screenshots, etc): 

      Slack thread for more info - https://redhat-internal.slack.com/archives/C05HGAR2DT5/p1762955454222449

        1. Screenshot 2025-11-12 at 7.59.15 PM.png
          Screenshot 2025-11-12 at 7.59.15 PM.png
          30 kB

              karthik.jk Karthik Jeeyar
              karthik.jk Karthik Jeeyar
              RHIDP - Frontend Plugins & UI
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: