I build the NodeJS/Express application below to serve my React app.
The 'build' path is the result of npm run build from my React app.
const express = require("express");
const helmet = require('helmet');
const compression = require('compression'); // compression file
const cors = require('cors');
const path = require('path');
const app = express();
app.use(cors());
app.use(helmet());
app.use(compression());
app.use(express.static(path.join(__dirname, 'build')));
app.get('*', (req, res) => {
res.sendFile(path.join(__dirname + '/build/index.html'));
});
app.listen(4000);
The index.html of my React app
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="keywords" content="my app" />
<meta name="description" content="My Website" />
<meta name="author" content="FName Name" />
<meta
name="viewport"
content="width=device-width, initial-scale=1, maximum-scale=1"
/>
<!--
manifest.json provides metadata used when your web app is installed on a
user's mobile device or desktop. See https://developers.google.com/web/fundamentals/web-app-manifest/
-->
<link rel="manifest" href="%PUBLIC_URL%/manifest.json" />
<!--
Notice the use of %PUBLIC_URL% in the tags above.
It will be replaced with the URL of the `public` folder during the build.
Only files inside the `public` folder can be referenced from the HTML.
Unlike "/favicon.ico" or "favicon.ico", "%PUBLIC_URL%/favicon.ico" will
work correctly both with client-side routing and a non-root public URL.
Learn how to configure a non-root public URL by running `npm run build`.
-->
<!-- css added by Mohammed :: starts -->
<!-- favicon icon -->
<link rel="shortcut icon" href="%PUBLIC_URL%/images/favicon.ico" />
<!-- inject css start -->
<!--== bootstrap -->
<link
href="%PUBLIC_URL%/css/bootstrap.min.css"
rel="stylesheet"
type="text/css"
/>
<link
href="https://fonts.googleapis.com/css?family=Nunito:300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"
rel="stylesheet"
/>
<!--== animate -->
<link
href="%PUBLIC_URL%/css/animate.css"
rel="stylesheet"
type="text/css"
/>
<!--== fontawesome -->
<link
href="%PUBLIC_URL%/css/fontawesome-all.css"
rel="stylesheet"
type="text/css"
/>
<!--== line-awesome -->
<link
href="%PUBLIC_URL%/css/line-awesome.min.css"
rel="stylesheet"
type="text/css"
/>
<!--== magnific-popup -->
<link
href="%PUBLIC_URL%/css/magnific-popup/magnific-popup.css"
rel="stylesheet"
type="text/css"
/>
<!--== owl-carousel -->
<link
href="%PUBLIC_URL%/css/owl-carousel/owl.carousel.css"
rel="stylesheet"
type="text/css"
/>
<!--== base -->
<link
href="%PUBLIC_URL%/css/base.css"
rel="stylesheet"
type="text/css"
/>
<!--== shortcodes -->
<link
href="%PUBLIC_URL%/css/shortcodes.css"
rel="stylesheet"
type="text/css"
/>
<!--== default-theme -->
<link
href="%PUBLIC_URL%/css/style.css"
rel="stylesheet"
type="text/css"
/>
<!--== responsive -->
<link
href="%PUBLIC_URL%/css/responsive.css"
rel="stylesheet"
type="text/css"
/>
<!--== color-customizer -->
<!--<link href="/#" data-style="styles" rel="stylesheet" />-->
<!-- <link
href="%PUBLIC_URL%/css/color-customize/color-customizer.css"
rel="stylesheet"
type="text/css"
/> -->
<!-- css added by Mohammed :: ends -->
<title>My App</title>
</head>
<body>
<noscript>You need to enable JavaScript to run this app.</noscript>
<div id="root"></div>
<!--
This HTML file is a template.
If you open it directly in the browser, you will see an empty page.
You can add webfonts, meta tags, or analytics to this file.
The build step will place the bundled scripts into the <body> tag.
To begin the development, run `npm start` or `yarn start`.
To create a production bundle, use `npm run build` or `yarn build`.
-->
<!-- inject js start -->
<!--== jquery -->
<script src="js/jquery.min.js"></script>
<!--== popper -->
<script src="js/popper.min.js"></script>
<!--== bootstrap -->
<script src="js/bootstrap.min.js"></script>
<!--== appear -->
<script src="js/jquery.appear.js"></script>
<!--== modernizr -->
<script src="js/modernizr.js"></script>
<!--== easing -->
<script src="js/jquery.easing.min.js"></script>
<!--== menu -->
<script src="js/menu/jquery.smartmenus.js"></script>
<!--== owl-carousel -->
<script src="js/owl-carousel/owl.carousel.min.js"></script>
<!--== magnific-popup -->
<script src="js/magnific-popup/jquery.magnific-popup.min.js"></script>
<!--== counter -->
<script src="js/counter/counter.js"></script>
<!--== countdown -->
<script src="js/countdown/jquery.countdown.min.js"></script>
<!--== canvas -->
<script src="js/canvas.js"></script>
<!--== confetti -->
<script src="js/confetti.js"></script>
<!--== step animation -->
<script src="js/snap.svg.js"></script>
<script src="js/step.js"></script>
<!--== contact-form -->
<script src="js/contact-form/contact-form.js"></script>
<!--== wow -->
<script src="js/wow.min.js"></script>
<!--== color-customize -->
<!-- <script src="js/color-customize/color-customizer.js"></script> -->
<!--== theme-script -->
<script src="js/theme-script.js"></script>
<!-- inject js end -->
</body>
</html>
The Fact app is running just fine in localhost test. However, when I open it by the NodeJS server that I build, the page does not open and the browser show the error:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”)
