javascript google-chrome web-worker content-security-policy

Chrome 63 seems to ignore or break on worker-src CSP headers


The Error

I'm developing several apps that use web workers and all of them are kind of broken using the latest Chrome V63.0.3230.132.

This is the error message I see on the console:

[Report Only] Refused to create a worker from 'http://localhost:8080/d04af186322390d53036.worker.js' because it violates the following Content Security Policy directive: "worker-src 'none'".

I've also noticed some other sites behaving the same way.

Apparently, it doesn't matter how one creates that worker. I tried it in a react app using worker-loader, but also in a plain JS demo where I created it manually. The error remains the same.

What I tried

I've got all the CSP headers in place, and also updated my manifest.json files with the correct CSP entry to no avail.

All other browsers are working fine.

Can someone confirm or explain this behavior?


Solution

  • Upd: in this case the issue was root-caused to having the uMatrix plugin installed and enabled. Even when the plugin was switched off, the issue remained. So there are two ways to work around those confusing errors:

    • Disable uMatrix completely in the Extension/Plugins menu in the browser. Using the built-in "turn off" button in uMatrix will not help.
    • Just let it go and ignore the warning.

    The details are here https://github.com/gorhill/uMatrix/issues/926#issuecomment-359905357


    Initial reply for history.

    Xceno, did you confirm that Chrome really fails to load the worker?

    I see the exact same error, but... the SW actually works. Maybe this is just a false-positive bug from Chrome.

    Here is my code and what I see in console

    navigator.serviceWorker.register('/sw.js').then(function(registration) {
        console.log('ServiceWorker registration successful with scope: ', registration.scope);
        // ... some other code
    });
    

    Console output:

    defer.js:36 [Report Only] Refused to create a worker from 'https://.../sw.js' because it violates the following Content Security Policy directive: "worker-src 'none'".
    defer.js:37 ServiceWorker registration successful with scope:  https://.../
    

    In my case SW was in fact successfully installed and worked as designed.
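
A way to check whether a `worker-src 'none'` message like the one in this thread comes from the site's own response headers, as an added example that is not part of the original question or answer. The function names and the sample header values are constructed, and it assumes a single policy per header (no comma-joined policy lists).

```javascript
// Parse a CSP header value into Map(directive -> sources); first occurrence wins.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const [rawName, ...sources] = part.trim().split(/\s+/);
    const name = rawName.toLowerCase();
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

// The directive governing workers: worker-src, else its CSP3 fallback chain.
function workerDirective(directives) {
  const chain = ['worker-src', 'child-src', 'script-src', 'default-src'];
  const name = chain.find((d) => directives.has(d));
  if (!name) return null; // nothing restricts workers
  const sources = directives.get(name);
  // An empty list or a lone 'none' matches no URL at all.
  const blocksAll = sources.length === 0 ||
    (sources.length === 1 && sources[0].toLowerCase() === "'none'");
  return { name, blocksAll };
}

// Classify a "Refused to create a worker" message against the headers the
// server actually sent (header names lower-cased, fetched outside the browser).
function diagnoseWorkerCsp(headers) {
  const enforced = headers['content-security-policy'];
  const reportOnly = headers['content-security-policy-report-only'];
  const e = enforced ? workerDirective(parseCsp(enforced)) : null;
  const r = reportOnly ? workerDirective(parseCsp(reportOnly)) : null;
  if (e && e.blocksAll) return `blocked by server: ${e.name}`;
  if (r && r.blocksAll) return `report-only from server: ${r.name}`;
  return 'not from server headers';
}

// Constructed sample responses.
const appHeaders = { 'content-security-policy': "default-src 'self'; worker-src 'self'" };
const reportOnlyHeaders = { 'content-security-policy-report-only': "worker-src 'none'" };
const blockingHeaders = { 'content-security-policy': "default-src 'none'" };

console.log(diagnoseWorkerCsp(appHeaders));
console.log(diagnoseWorkerCsp(reportOnlyHeaders));
console.log(diagnoseWorkerCsp(blockingHeaders));
```

A `[Report Only]` violation is logged but never blocks the worker, which matches the service worker registering successfully above. When the result is `not from server headers`, the policy was added after the response left the server, which in this thread turned out to be uMatrix.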