Solved

Local worker script considered external network resource to networkAccess manifest option?

1 year ago
June 27, 2023
4 replies
1205 views

Dustin_Mierau
2 replies

I want to be clear on my plugin community page that my plugin does not use external network resources. However, when I put “none” in the allowedDomains array in my manifest, I get the following error:

Refused to create a worker from 'data:application/javascript,...' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' figma.com". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

So, hmm, I guess technically worker scripts are considered external network resources? Though I am loading the worker script block from another script block in my ui.html source. So it’s all local. I don’t know why the plugin runtime considers this an external resource. And there doesn’t appear to be a way to specify such resources.

Sadly, for now, it seems I need to leave my network access as unspecified.

Has anyone else experienced this? Or found a workaround?

Thanks!

Best answer by Akbar_Mirza

Hey all,

We’ve just pushed an update that should allow blobs and data URLs now. Could you try setting your networkAccess field to none now?

View original

This topic has been closed for replies.

Yi_Shen
2 replies
1 year ago
July 20, 2023

Same issue here. Set “allowedDomains” to “*” can fix it. But I think it’s not a good way.

syntax
2 replies
1 year ago
August 1, 2023

Same issue:

Refused to create a worker from 'blob:null/0d8c3769-84e7-4992-9975-ae7fc5692568' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' ... Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

The CSP needs worker-src: blob set.

For my use case this was for Monaco Code Editor web workers that are inlined. Inlining workers is pretty much the only way since you can only have one HTML file with your UI. Either that or network access requests…

Akbar_Mirza
Figmate
5 replies
Answer
1 year ago
August 25, 2023

Hey all,

We’ve just pushed an update that should allow blobs and data URLs now. Could you try setting your networkAccess field to none now?

Dustin_Mierau
Author
2 replies
1 year ago
August 30, 2023

This appears to work now thanks. Updated my plugins with [“none”]

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Local worker script considered external network resource to networkAccess manifest option?

4 replies

Solved topics

I can’t find the “properties panel”

Figma Sites - Redirect for missing www. in address and the SSL

Figma MCP's recommended usage practices (get_code getting stuck)

Why my figma have old actions yet?

Someone can explain me the MCP settings? There is no help docs

Cookie policy

Cookie settings

Related topics

Component reusabilityicon

Change component boolean property value on a prototypeicon

Variable Content Containers for Components (Replace/Reorder Layers in components)

Change variant of other componenticon

How many component libraries should we have ideally? Pros and Cons?icon

Solved topics

I can’t find the “properties panel”

Figma Sites - Redirect for missing www. in address and the SSL

Figma MCP's recommended usage practices (get_code getting stuck)

Why my figma have old actions yet?

Someone can explain me the MCP settings? There is no help docs

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings