Solved

Local worker script considered external network resource to networkAccess manifest option?

1 year ago
June 27, 2023
4 replies
1201 views

Dustin_Mierau
2 replies

I want to be clear on my plugin community page that my plugin does not use external network resources. However, when I put “none” in the allowedDomains array in my manifest, I get the following error:

Refused to create a worker from 'data:application/javascript,...' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' figma.com". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

So, hmm, I guess technically worker scripts are considered external network resources? Though I am loading the worker script block from another script block in my ui.html source. So it’s all local. I don’t know why the plugin runtime considers this an external resource. And there doesn’t appear to be a way to specify such resources.

Sadly, for now, it seems I need to leave my network access as unspecified.

Has anyone else experienced this? Or found a workaround?

Thanks!

Best answer by Akbar_Mirza

Hey all,

We’ve just pushed an update that should allow blobs and data URLs now. Could you try setting your networkAccess field to none now?

View original

This topic has been closed for replies.

Yi_Shen
2 replies
1 year ago
July 20, 2023

Same issue here. Set “allowedDomains” to “*” can fix it. But I think it’s not a good way.

syntax
2 replies
1 year ago
August 1, 2023

Same issue:

Refused to create a worker from 'blob:null/0d8c3769-84e7-4992-9975-ae7fc5692568' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' ... Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

The CSP needs worker-src: blob set.

For my use case this was for Monaco Code Editor web workers that are inlined. Inlining workers is pretty much the only way since you can only have one HTML file with your UI. Either that or network access requests…

Akbar_Mirza
Figmate
5 replies
Answer
1 year ago
August 25, 2023

Hey all,

We’ve just pushed an update that should allow blobs and data URLs now. Could you try setting your networkAccess field to none now?

Dustin_Mierau
Author
2 replies
1 year ago
August 30, 2023

This appears to work now thanks. Updated my plugins with [“none”]

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Local worker script considered external network resource to networkAccess manifest option?

4 replies

Solved topics

Component

Will a link stay the same as I update my figma prototype?

blank preview

How to add a boolean property to my component?

Measurement Indicator Will Not Go Away

Cookie policy

Cookie settings

Related topics

Interactive components for navigation doesn't work properlyicon

Figma Preview Doesn't Work Properly on iPadicon

Prototype component on hover and click nestedicon

Accessible prototyping testing and navigation flowicon

Dropdown sub item hover won't work properlyicon

Solved topics

Component

Will a link stay the same as I update my figma prototype?

blank preview

How to add a boolean property to my component?

Measurement Indicator Will Not Go Away

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings