New canisters are only available under icp0.io, not ic0.app. See here for context
@rbirkner can we maybe improve the error message? This is not very readable…
still no joy… seems to be subnet node permissions and or changes to the Unity .js loader or html directives in index or otherwise…
tried the raw… but not getting 500s… yet.
Error message is indicating that the ‘script-src’ portion of the CSR policy is set incorrectly. It is currently: "unsafe-“CanisterId"eval”, when it should just be “unsafe-eval” in the ‘.ic-assets.json5’ file.
<From .ic-assets.json5>:
// Notes about the CSP below:
// - script-src ‘unsafe-eval’ is currently required because agent-js uses a WebAssembly module for the validation of bls signatures.
// There is currently no other way to allow execution of WebAssembly modules with CSP.
// See: content-security-policy/proposals/CSP.md at main · WebAssembly/content-security-policy · GitHub.
Worst case, if you cannot fix this, would be to use a service worker for appending the headers.
most excellent - thanks Sir
Will digest and action
We currently have this http directive in the index
ic-assets.json5 dont seem to have that config file in our codebase
hmmm. will dig
I guess I create it in the project root and just have 1 line “unsafe-eval” in the file
Unity WebGL Player | Solar metaverse
ok… created a json5 file… in a new public sub-dir
but will edit to read JUST “Content-Security-Policy”: “script-src ‘self’ ‘unsafe-eval’”,
presuming I dont need ‘unsafe-inline’. then
‘unsafe-inline’ is for any JS scripts, which are loaded as inline scripts instead of modules.
Error message is that it tried to find the file, but couldn’t; so it returns a ‘404 Not Found’ error (which is formatted in HTML).
Unfortunately: Unity doesn’t support Linux desktop anymore. So, I cannot do much in the ways of troubleshooting.
ooooh indeed… clean forgot about the obvious. you Rock Sir !
thankyou indeed
solved the .js loader URL… now it finds ok… but it fails on the CSP again… I have the unsafe eval in both the json5 and the html header tag
any way forward you think ?
anyone on this would be great… it seems I have all the CSP directives and a json5 file …
yet with cache clear and redeploy - restart… seems CSP still trips
welcome any clues - thanks Planet Earth dfinity/Unity talents !
CSP is a generalized security policy, and the vast majority of these errors can be found in search engines, or you can ask ChatGPT about them.
For example, you can set your CSP security policy to not disallow any scripts
well I did in both the html and json4 file.
is there anything specific ? thanks in advance
You just need to change json5 in assets.
CSP is a general security protocol and doesn’t just exist on IC, so the vast majority of your questions can be solved by asking a search engine.
yep i did this earlier and put .ic-assets.json5 into the assets folder and public folder
still got the same CSP error as in the images I posted.
Error message says that you need to add ‘unsafe-inline’ to the ‘script-src’ keyword in the ‘.ic-assets.json5’ headers section.