There are 0 comments in this discussion.
Topic: Using pow with ember-cli and Content Security Policy
How to set up your config/environment.js to not complain about your .dev domain supplied by pow.
I get sick of writing localhost and port numbers when I'm developing, so I use pow.
It's a little trickier when you are developing with ember-cli rather than a Ruby Rack based app. You have to use Port Proxying because ember-cli is based on node.js with an express server. It's really not that bad though.
After the powder command, you should get a note saying your app is now available at [your_app_name].dev. Of course you'll need to start ember up first. That's the next step. Make sure the port numbers match.
That's the easy part.
The harder part is getting ember-cli to not complain about content security policy violations for your new handy .dev domain that is really serving localhost:4201 (or whatever). This took me awhile to find the right thing to specify with a lot of trial and error and no answers in IRC or from web searches (thus this blog post).
Here's the basic idea for your config/environment.js. If you have other APIs, etc. you need to add to your content security policy, you'll need to adjust this accordingly:
Place this just before your
return ENV; at the end of the file.
Note the 'unsafe-inline' in the script-src line. From my experiments, this looks to be required. Unfortunately you now won't get warnings if you use unsafe inline scripts in your app, but you weren't going to do that anyway, were you?