Hello everyone,
I'm working on a SvelteKit and Strapi project
and put it on shared hosting with cPanel.
My SvelteKit app responds on /
Strapi on /api
Strapi responds to API calls, and while loading the admin, I get the page title Strapi.
Seems like everything is working, but I encountered a problem with Content Security Policy: inline («script-src»).
The whole application loads, but my route api/admin ends with this error
and could load/get hostname/admin/runtime~main.306e5e56.js
I guess something should be done with the headers?
Or I guess a better option would be to place it on a subdomain?
Oh, I forgot, now my server is running
Welcome back!
To manage your project, go to the administration panel at:
http://0.0.0.0:1337/api/admin
To access the server, go to:
http://0.0.0.0:1337/api
Previously I read that it is possible to use such settings; should I use my domain host name instead?
One more time, to make sure that /api/admin responds
curl -I Strapi Admin
HTTP/1.1 200 OK
So the browser prevents running
prepareInjection.js:249:7
in the next function
function injectScriptSync(src) {
  let code = '';
  const request = new XMLHttpRequest();
  request.addEventListener('load', function () {
    code = this.responseText;
  });
  request.open('GET', src, false);
  request.send();
  const script = document.createElement('script');
  script.textContent = code;
  // This script runs before the element is created,
  // so we add the script to instead.
So when I run the Strapi app on /, such a problem doesn't appear. But before that I manipulated my ENV variables; should I rebuild the admin panel?
As I'm on shared hosting, it's not that trivial a task.
Looking for a solution in the Middleware config in the Strapi docs
contentSecurityPolicy | Set the Content-Security-Policy header | Object
Added some policies to the response, including my domain and 'self'. The browser still prevents loading.
response headers
script-src 'self' 'https://just-fit.by';connect-src 'self' https:;img-src 'self' data: blob: https://market-assets.strapi.io;media-src 'self' data: blob:;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
one more thing
console.log also shows a not found error
{HOST}/admin/runtime~main.306e5e56.js
should this script be downloaded as above?
fetch request
{HOST}/api/admin
200
OK
As I asked before, should I rebuild the admin, because my app is now located on {host}/api
or does this error come from content security?
Solved the problem with CONTENT SECURITY
need to implement 'unsafe-inline' in the middleware config
but the scripts are not loaded
error not found, heh, guess I need to rebuild the admin(((
OK, for the script download error I rebuilt the admin panel with
stop all processes and the server
npm run build
and then rerun the server: NODE_ENV=production npm run start
almost there
BUT
I already have a beautiful spinner, but a new error

TypeError: (intermediate value).data.data is undefined
in main.js dfsdfsdf
TypeError: (intermediate value).data.data is undefined
11094 /api/admin/main.eb93c48a.js:761
11094 /api/admin/main.eb93c48a.js:761
e /api/admin/runtime~main.cda6b828.js:1
E /api/admin/main.eb93c48a.js:2926
/api/admin/main.eb93c48a.js:2926
r /api/admin/runtime~main.cda6b828.js:2
https://just-fit.by/api/admin/main.eb93c48a.js:1
main.eb93c48a.js:761:40563
11094 /api/admin/main.eb93c48a.js:761
11094 /api/admin/main.eb93c48a.js:761
e api/admin/runtime~main.cda6b828.js:1
E /api/admin/main.eb93c48a.js:2926
<анонимный> /api/admin/main.eb93c48a.js:2926
r /api/admin/runtime~main.cda6b828.js:2
<анонимный> /api/admin/main.eb93c48a.js:1
Also getting an error in the UI: an error occurs when requesting the API, or smth like this
deleted unrelated
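
The following is an added example, not part of the original posts and not Strapi code: a small linter run over the response header quoted above, showing how a browser reads that policy. The names `POSTED_CSP`, `parseCsp` and `lintCsp` are made up for this illustration.

```javascript
// Added example (not from the thread): lint a Content-Security-Policy value.
// POSTED_CSP is the header quoted in the post, retyped with straight quotes.
const POSTED_CSP =
  "script-src 'self' 'https://just-fit.by';connect-src 'self' https:;" +
  "img-src 'self' data: blob: https://market-assets.strapi.io;" +
  "media-src 'self' data: blob:;default-src 'self';base-uri 'self';" +
  "font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';" +
  "object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'";

// Quoted tokens that CSP defines; any other quoted token matches nothing.
const KEYWORD = /^'(self|none|unsafe-inline|unsafe-eval|unsafe-hashes|strict-dynamic|report-sample|wasm-unsafe-eval)'$/i;
const NONCE_OR_HASH = /^'(nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/_=-]+'$/i;

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

function lintCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  for (const [name, sources] of policy) {
    for (const s of sources) {
      if (s.startsWith("'") && !KEYWORD.test(s) && !NONCE_OR_HASH.test(s)) {
        findings.push(`${name}: ${s} is not a CSP keyword; hosts are written unquoted`);
      }
    }
  }
  // Inline <script> falls back: script-src-elem, then script-src, then default-src.
  const governing = policy.get('script-src-elem') || policy.get('script-src') || policy.get('default-src');
  const sources = governing || [];
  const pinned = sources.some((s) => NONCE_OR_HASH.test(s));
  // No governing directive means no restriction; a nonce or hash source
  // makes browsers ignore 'unsafe-inline'.
  const inlineAllowed = !governing || (sources.includes("'unsafe-inline'") && !pinned);
  if (!inlineAllowed) findings.push('inline <script> blocks are refused by this policy');
  return { inlineAllowed, findings };
}

console.log(lintCsp(POSTED_CSP));
```

Adding 'unsafe-inline' to script-src permits every inline script on the page, injected ones included; a nonce or hash source allows only the specific inline scripts that carry it.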