Unrecognized Content Security Policy directive 'worker-src' in Safari Browser

I have a Django app that is embedded in Shopify. It is working fine in all other browsers except in Safari. In Safari there is the above-mentioned issue in the log, and I am getting an internal server error for all other functionalities of the app. This is a part of my settings.py for the CSP settings:

CSP_FRAME_ANCESTORS = ("'self'", 'https://*.myshopify.com')

# default source as self
CSP_DEFAULT_SRC = ("'self'", "'unsafe-inline'", "'unsafe-eval'", "https://fonts.gstatic.com")

# style from our domain and bootstrapcdn
CSP_STYLE_SRC = ("'self'", "'unsafe-inline'", "https://fonts.googleapis.com")

# scripts from our domain and other domains
CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'", "'unsafe-eval'")

# images from our domain and other domains
CSP_IMG_SRC = ("'self'",
               "https://*.s3.amazonaws.com", "data:", "https://cdn.shopify.com")

SESSION_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SECURE = True
XS_SHARING_ALLOWED_METHODS = ['POST', 'GET', 'PUT']

CSRF_COOKIE_SAMESITE = 'None'
CSRF_COOKIE_SECURE = True

STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')

CSRF_TRUSTED_ORIGINS = [config('CSRF_TRUSTED_ORIGINS')]

Can anyone tell me what's the issue here?

The implemented support for various levels and directives of CSP differs between the browsers. Safari only recently added support for worker-src, see https://caniuse.com/?search=worker-src. If you upgrade to a more recent version it will probably work for you. However, you should also consider if your user base is ready and define fallbacks for other browsers if necessary.
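To make the fallback point in the answer above concrete, here is an added example (not code from the question or the answer) that reports which directive governs Web Workers depending on whether the browser recognizes worker-src. It assumes the older browser implements CSP Level 2; the function names and the sample header are constructed for illustration.

```python
# CSP Level 3 lookup order for workers.
CSP3_CHAIN = ("worker-src", "child-src", "script-src", "default-src")
# Assumption: a browser without worker-src follows CSP Level 2, where
# workers are governed by child-src, falling back to default-src.
CSP2_CHAIN = ("child-src", "default-src")


def parse_csp(header):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # A repeated directive is ignored: the first occurrence wins.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def worker_sources(policy, supports_worker_src):
    """Return (directive, sources) that decides whether a worker may load."""
    chain = CSP3_CHAIN if supports_worker_src else CSP2_CHAIN
    for name in chain:
        if name in policy:
            return name, policy[name]
    return None, None  # no applicable directive: workers are unrestricted


def add_worker_fallback(policy):
    """Copy worker-src into child-src so CSP2-only browsers apply the same list.

    Caveat: child-src is also the fallback for frame-src, so this widens the
    frame policy too unless frame-src is set explicitly.
    """
    out = dict(policy)
    if "worker-src" in out and "child-src" not in out:
        out["child-src"] = list(out["worker-src"])
    return out


# Constructed sample header, not taken from the question.
SAMPLE = "default-src 'self'; script-src 'self' 'unsafe-inline'; worker-src 'self' blob:"

if __name__ == "__main__":
    policy = parse_csp(SAMPLE)
    print("recognizes worker-src:", worker_sources(policy, True))
    print("ignores worker-src:   ", worker_sources(policy, False))
    print("with child-src added: ", worker_sources(add_worker_fallback(policy), False))
```

With the sample header, a browser that ignores worker-src falls through to default-src and would refuse a blob: worker that newer browsers allow. In django-csp the corresponding settings are CSP_WORKER_SRC and CSP_CHILD_SRC.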
