You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is related to #404, which was patched and closed with v1.4 already 2020. It crept back into the code in 2021 by David Coutadeur. I will look at this a bit and see if I can come up with a solution or workaround, but am also happy if someone else have a look.
In our environment, where we add a stricter CSP in our proxy servers, we get the console error:
index.php:119 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' www.google.com www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-cHwIqHc1H9/dJgzKT7RmVqfyir19aLCtoyGHJGEn/O0='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
The issue is in both templates/header.tpl, and templates/footer.tpl, where inlined styles (not so bad), and an inlined piece of javascript (worse) are used. I suggest that we try and break this out somehow.
index.php:119 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' www.google.com www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-cHwIqHc1H9/dJgzKT7RmVqfyir19aLCtoyGHJGEn/O0='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Introduction
This is related to #404, which was patched and closed with v1.4 already 2020. It crept back into the code in 2021 by David Coutadeur. I will look at this a bit and see if I can come up with a solution or workaround, but am also happy if someone else have a look.
In our environment, where we add a stricter CSP in our proxy servers, we get the console error:
The issue is in both templates/header.tpl, and templates/footer.tpl, where inlined styles (not so bad), and an inlined piece of javascript (worse) are used. I suggest that we try and break this out somehow.
The error message in Chrome:
In my nginx proxy:
The text was updated successfully, but these errors were encountered: