View Issue Details

ID: 0004637
Project: Taler
Category: Web site(s)
View Status: public
Last Update: 2016-10-11 17:28
Reporter: Marcello Stanisci
Assigned To: Marcello Stanisci
Priority: high
Severity: tweak
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 0.0
Target Version: 0.1
Fixed in Version: 0.1
Summary: 0004637: Inline scripts/styles not accepted anymore
Description: Chromium, maybe jointly with the Taler extension, does not like inline scripts/styles anymore. Apparently it depends on the extension's manifest file, but the page which triggers the complaint does not belong to the wallet. That currently prevents us from withdrawing coins, as the form is dynamically generated. Below is the message:

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-MB/UFUdXxj8tcQU8gPBz4nxUcSjxNb24vq/Wa/Gu9ps='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

blog.test.taler.net/:96 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-zBP1dcmi7VJsAQ4s7yRPrzWSxYmzP5/Xx+iML1zNymc='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Tags: No tags attached.

Activities

Marcello Stanisci

2016-09-02 15:00

manager   ~0011084

Modifying the manifest.json from the wallet did not fix it.

Marcello Stanisci

2016-09-05 14:22

manager   ~0011088

The problem was due to some changes made in the nginx config aimed at hardening the Content Security Policy, so starting from commit 7ba48b611e2683e49, web-common has no inline JavaScript/CSS anymore.
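
The console messages in this issue name three ways to permit inline content under `default-src 'self'`; the fix recorded here was to remove the inline content instead. As an added example (not part of the original issue or of Taler's code), the Python script below lists the inline scripts, styles and inline attributes in a page and computes the `'sha256-...'` source for each inline element. The sample markup and the names `csp_hash`, `InlineFinder` and `audit` are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

def csp_hash(text):
    """Return the CSP hash source for the exact content of an inline element."""
    digest = hashlib.sha256(text.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

class InlineFinder(HTMLParser):
    """Collect what a policy without 'unsafe-inline' refuses to run or apply."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (kind, line, hash source or None)
        self._open = None    # (tag, line, chunks) while inside inline <script>/<style>

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        names = {name for name, _ in attrs}
        if tag == "style" or (tag == "script" and "src" not in names):
            self._open = (tag, line, [])
        for name in sorted(names):
            # Inline attributes: a plain hash source does not cover these.
            if name == "style" or name.startswith("on"):
                self.findings.append((tag + "@" + name, line, None))

    def handle_data(self, data):
        if self._open:
            self._open[2].append(data)

    def handle_endtag(self, tag):
        if self._open and tag == self._open[0]:
            kind, line, chunks = self._open
            self.findings.append((kind, line, csp_hash("".join(chunks))))
            self._open = None

def audit(html):
    finder = InlineFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample markup, not the real blog.test.taler.net page.
SAMPLE = """<style>form { margin: 0; }</style>
<script src="/static/app.js"></script>
<body onload="init()">
<script>document.forms[0].submit();</script>"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result from `audit` means the page has nothing inline left for the hardened policy to refuse, which is the state the fix above aimed for.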

Issue History

Date Modified Username Field Change
2016-09-02 14:50 Marcello Stanisci New Issue
2016-09-02 15:00 Marcello Stanisci Note Added: 0011084
2016-09-02 16:33 Marcello Stanisci Assigned To => Marcello Stanisci
2016-09-02 16:33 Marcello Stanisci Status new => assigned
2016-09-05 13:06 Christian Grothoff Severity major => tweak
2016-09-05 14:22 Marcello Stanisci Note Added: 0011088
2016-09-05 14:22 Marcello Stanisci Status assigned => resolved
2016-09-05 14:22 Marcello Stanisci Resolution open => fixed
2016-09-19 00:55 Christian Grothoff Product Version SVN HEAD => 0.0
2016-09-19 00:55 Christian Grothoff Fixed in Version => 0.1
2016-09-19 00:55 Christian Grothoff Target Version => 0.1
2016-10-11 17:28 Christian Grothoff Status resolved => closed