Ok, so we’ve identified the error.
We’re using the CSP package. We have a list of more than ~50 rules/domains we run BrowserPolicy.content.allowOriginForAll on.
When the list gets too big it throws the error.
In my tests when it goes above a certain character limit, it throws the Unexpected error and no console error.
Works:
// Allow rules for Browser Policy
const allowOriginForAll = ['fonts.googleapis.com', 'fonts.gstatic.com', 'https://*.stripe.com',
'*.cloudinary.com', 'https://cdnjs.cloudflare.com', 'https://maps.googleapis.com',
'https://maps.gstatic.com', 'https://csi.gstatic.com', 'https://*.wistia.com',
'http://fast.wistia.com', 'https://embedwistia-a.akamaihd.net',
'http://src.litix.io/core/2/mux.js', 'http://fast.wistia.net', 'blob:',
'https://raw.githubusercontent.com', 'https://ipinfo.io', 'https://graph.facebook.com',
'https://scontent.xx.fbcdn.net', 'https://geteducation.link', 'https://graph.facebook.com',
'https://scontent.cdninstagram.com', 'https://api.instagram.com', 'https://js.hubspotfeedback.com',
'http://www.youtube.com/', 'https://s.ytimg.com/', 'https://lookaside.facebook.com',
'https://www.google-analytics.com', 'https://stats.g.doubleclick.net', 'https://www.google.com',
'https://www.google.com.au', 'https://static.hotjar.com', 'https://vars.hotjar.com',
'https://script.hotjar.com', 'https://www.googletagmanager.com', 'http://tagmanager.google.com',
'https://ssl.gstatic.com', 'https://www.gstatic.com', 'https://app.hubspot.com/',
'http://js.hs-scripts.com', 'https://js.hscollectedforms.net', 'https://js.usemessages.com',
'http://js.hs-analytics.net', 'http://track.hubspot.com', 'https://js.hsadspixel.net',
'https://connect.facebook.net'];
allowOriginForAll.forEach(item => BrowserPolicy.content.allowOriginForAll(item));
Does not work:
// Allow rules for Browser Policy
const allowOriginForAll = ['fonts.googleapis.com', 'fonts.gstatic.com', 'https://*.stripe.com',
'*.cloudinary.com', 'https://cdnjs.cloudflare.com', 'https://maps.googleapis.com',
'https://maps.gstatic.com', 'https://csi.gstatic.com', 'https://*.wistia.com',
'http://fast.wistia.com', 'https://embedwistia-a.akamaihd.net',
'http://src.litix.io/core/2/mux.js', 'http://fast.wistia.net', 'blob:',
'https://raw.githubusercontent.com', 'https://ipinfo.io', 'https://graph.facebook.com',
'https://scontent.xx.fbcdn.net', 'https://geteducation.link', 'https://graph.facebook.com',
'https://scontent.cdninstagram.com', 'https://api.instagram.com', 'https://js.hubspotfeedback.com',
'http://www.youtube.com/', 'https://s.ytimg.com/', 'https://lookaside.facebook.com',
'https://www.google-analytics.com', 'https://stats.g.doubleclick.net', 'https://www.google.com',
'https://www.google.com.au', 'https://static.hotjar.com', 'https://vars.hotjar.com',
'https://script.hotjar.com', 'https://www.googletagmanager.com', 'http://tagmanager.google.com',
'https://ssl.gstatic.com', 'https://www.gstatic.com', 'https://app.hubspot.com/',
'http://js.hs-scripts.com', 'https://js.hscollectedforms.net', 'https://js.usemessages.com',
'http://js.hs-analytics.net', 'http://track.hubspot.com', 'https://js.hsadspixel.net',
'https://connect.facebook.net', 'https://www.facebook.com', 'http://documents.geteducation.link',
'https://forms.hubspot.com/', 'https://platform-lookaside.fbsbx.com', 'https://cdn.headwayapp.co',
'https://px.ads.linkedin.com', 'https://headway-widget.net/', 'https://js.hsleadflows.net',
'https://www.googleadservices.com', 'https://snap.licdn.com', 'https://bid.g.doubleclick.net',
'https://googleads.g.doubleclick.net', 'https://t.hs-growth-metrics.com',
'*.cloudflarestream.com', 'https://help.geteducation.link',
'*.videodelivery.net', 'https://cloudflarestream.com', 'https://t.hs-growth-metrics.com',
'https://videodelivery.net', 'cdn2.hubspot.net', 'https://maxcdn.icons8.com',
'https://pages.geteducation.link', 'https://js.hsforms.net', 'https://forms.hsforms.com',
'https://js.hscta.net', 'http://cta-service-cms2.hubspot.com', 'https://www.googleadservices.com',
'https://rum-static.pingdom.net', 'https://www.gostudy.com.au',
'https://*.googleusercontent.com', 'https://docs.google.com'];
allowOriginForAll.forEach(item => BrowserPolicy.content.allowOriginForAll(item));
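
An added example, not part of the original post and not the CSP package's own code: it measures how large a Content-Security-Policy header value becomes when every origin is repeated into every directive, compared with listing each origin only under the directive that needs it. The directive set, the scoping map and the byte budget are assumptions for illustration; the post does not state the actual limit.

```javascript
// Assumption: the directive set that an "allow for all" helper repeats
// every origin into; adjust it to match your own policy.
const DIRECTIVES = ['default-src', 'script-src', 'style-src', 'img-src',
  'font-src', 'connect-src', 'media-src', 'frame-src', 'object-src'];

// Trim and drop exact duplicates, preserving first-seen order.
function dedupe(origins) {
  return [...new Set(origins.map((o) => o.trim()).filter(Boolean))];
}

// Serialize { directive: [sources] } into a CSP header value.
function buildCsp(policy) {
  return Object.entries(policy)
    .filter(([, sources]) => sources.length > 0)
    .map(([directive, sources]) => `${directive} ${dedupe(sources).join(' ')}`)
    .join('; ');
}

// Every origin in every directive: size grows as directives x origins.
function allowForAll(origins) {
  return Object.fromEntries(DIRECTIVES.map((d) => [d, ["'self'", ...origins]]));
}

// Report the header size and whether it fits a byte budget.
function checkBudget(headerValue, maxBytes) {
  const bytes = Buffer.byteLength(headerValue, 'utf8');
  return { bytes, ok: bytes <= maxBytes };
}

// Constructed sample: a few origins from the post's list, one duplicated.
const SAMPLE = ['fonts.googleapis.com', 'fonts.gstatic.com',
  'https://*.stripe.com', 'https://graph.facebook.com',
  'https://graph.facebook.com'];

// Constructed scoping (which directive each origin needs is an assumption).
const SCOPED = {
  'default-src': ["'self'"],
  'style-src': ["'self'", 'fonts.googleapis.com'],
  'font-src': ["'self'", 'fonts.gstatic.com'],
  'script-src': ["'self'", 'https://*.stripe.com'],
  'connect-src': ["'self'", 'https://graph.facebook.com'],
};

const broad = buildCsp(allowForAll(SAMPLE));
const scoped = buildCsp(SCOPED);
const BUDGET = 4096; // placeholder limit; the post does not state the real one
console.log('broad ', checkBudget(broad, BUDGET));
console.log('scoped', checkBudget(scoped, BUDGET));
```

Running a check like this at startup turns an oversized policy into an explicit size report instead of an unexplained runtime error.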