View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004637 | Taler | Web site(s) | public | 2016-09-02 14:50 | 2016-10-11 17:28 |
Reporter | Marcello Stanisci | Assigned To | Marcello Stanisci | ||
Priority | high | Severity | tweak | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 0.0 | ||||
Target Version | 0.1 | Fixed in Version | 0.1 | ||
Summary | 0004637: Inline scripts/styles not accepted anymore | ||||
Description | Chromium, maybe jointly with the Taler extension, does not like anymore inline scripts/styles. Apparently it depends from the extension's manifest file, but the page which triggers the complain does not belong to the wallet. That currently prevents us from withdrawing coins, as the form is dynamically generated. Below is the message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-MB/UFUdXxj8tcQU8gPBz4nxUcSjxNb24vq/Wa/Gu9ps='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. blog.test.taler.net/:96 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-zBP1dcmi7VJsAQ4s7yRPrzWSxYmzP5/Xx+iML1zNymc='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. | ||||
Tags | No tags attached. | ||||
|
modifying the manifest.json from the wallet did not fix it |
|
The problem was due to some changes made in nginx config aimed to harden the Content Security Policy, so starting from commit 7ba48b611e2683e49, web-common has no inline JavaScript/CSS anymore. |
Date Modified | Username | Field | Change |
---|---|---|---|
2016-09-02 14:50 | Marcello Stanisci | New Issue | |
2016-09-02 15:00 | Marcello Stanisci | Note Added: 0011084 | |
2016-09-02 16:33 | Marcello Stanisci | Assigned To | => Marcello Stanisci |
2016-09-02 16:33 | Marcello Stanisci | Status | new => assigned |
2016-09-05 13:06 | Christian Grothoff | Severity | major => tweak |
2016-09-05 14:22 | Marcello Stanisci | Note Added: 0011088 | |
2016-09-05 14:22 | Marcello Stanisci | Status | assigned => resolved |
2016-09-05 14:22 | Marcello Stanisci | Resolution | open => fixed |
2016-09-19 00:55 | Christian Grothoff | Product Version | git (master) => 0.0 |
2016-09-19 00:55 | Christian Grothoff | Fixed in Version | => 0.1 |
2016-09-19 00:55 | Christian Grothoff | Target Version | => 0.1 |
2016-10-11 17:28 | Christian Grothoff | Status | resolved => closed |