Unrecognized Content-Security-Policy directive 'prefetch-src'.

Deployed the server in production environment with metallb load balancer. But having issues with CORS.

Below are my CSP headers in webapp values.yaml

```
CSP_EXTRA_CONNECT_SRC: "https://*.example.com, wss://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_IMG_SRC: "https://*.example.com, wss://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_SCRIPT_SRC: "https://*.example.com, wss://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_DEFAULT_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_FONT_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_FRAME_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_MANIFEST_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_OBJECT_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_MEDIA_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_PREFETCH_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_STYLE_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
CSP_EXTRA_WORKER_SRC: "https://*.example.com, https://*.giphy.com, https://s3.us-east-1.amazonaws.com"
```

CORS Errors on the browser console

```
Unrecognized Content-Security-Policy directive 'prefetch-src'.

Access to XMLHttpRequest at 'https://api.example.com/api-version' from origin 'https://app.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
GET https://api.example.com/api-version net::ERR_FAILED 200
```
Kubernetes Version

```
:~# kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:15:20Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
```
Wire Webapp Image used

```
image:
  repository: quay.io/wire/webapp
  tag: "2023-04-11-production.0-v0.31.13-0-bb91157"
```

Please help me fix the CORS issue.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Unrecognized Content-Security-Policy directive 'prefetch-src'. #627

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Unrecognized Content-Security-Policy directive 'prefetch-src'. #627

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions