Im Constructing a web worker in an Electron-Forge project.
I have defined a CSP rule for a web worker like this:
import { session } from "electron"
session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
callback({
responseHeaders: {
...details.responseHeaders,
'Content-Security-Policy': [
'worker-src \'self\' \'unsafe-inline\' blob:'
]
}
})
})
I keep getting the error:
Failed to construct 'Worker': Access to the script at 'blob:http://localhost:3000/56a59311-87f4-4493-81ab-3d86f46bf0cb' is denied by the document's Content Security Policy.
The way im constructing the web worker :
class WorkerBuilder extends Worker {
constructor(worker) {
const code = worker.toString();
const blob = new Blob(["(" + code + ")()"]);
return new Worker(URL.createObjectURL(blob));
}
}
const worker = new WebWorker(....)
Whats wrong with my CSP rules? It has to work both in dev and prod.