CSP error locally #704

MarcEgliP opened this issue May 23, 2023 · 1 comment · May be fixed by #711
Collaborator

MarcEgliP commented May 23, 2023

If we execute `docker compose up` locally and create new credentials, the password is not blurred anymore. This is because of a CSP-Error (Content Security Policy) which blocks the request which gets the font to blur out the password.

The CSP-Error can be viewed in the network console of the browser. The failing request is: http://localhost:4200/text-security-disc.woff2.

To finish this story we need to include localhost:4200 in our content security policy to be able to fetch the fonts from it.

File which could help you:

  • content_security_policy.rb
@njaeggi njaeggi self-assigned this Jun 5, 2023
@lkleisa lkleisa self-assigned this Jun 5, 2023
@lkleisa lkleisa linked a pull request Jun 5, 2023 that will close this issue
Contributor

njaeggi commented Jun 15, 2023

I am pretty sure we have to use something like this

```ruby
policy.font_src :self, 'http://localhost:4200' if Rails.env.development?
```

in our content_security_policy.rb

Maybe we can also disable CSP completely for local development, if that's possible

Important:

Rebuild your docker when changing something in docker files or CSP settings. @mtnstar and I fixed the docker build by removing yarn and node from the rails image and by upgrading puma
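
A simplified model of how a browser evaluates `font-src` for the failing request, added here as an illustration and not code from this thread or the project. The document origin `http://localhost:3000` and both policy strings are constructed assumptions; matching covers only `'self'`, `*`, scheme sources and host sources.

```ruby
require 'uri'

DEFAULT_PORTS = { 'http' => 80, 'https' => 443 }.freeze
FONT = 'http://localhost:4200/text-security-disc.woff2' # failing request from the issue
PAGE = 'http://localhost:3000/'                         # assumed document origin
BEFORE = "default-src 'self'; font-src 'self'"          # constructed sample policy
AFTER  = "default-src 'self'; font-src 'self' http://localhost:4200"

# Parse a CSP header value into { directive => [source expressions] }.
def parse_csp(header)
  header.split(';').map(&:strip).reject(&:empty?).each_with_object({}) do |part, acc|
    name, *sources = part.split(/\s+/)
    acc[name.downcase] ||= sources # the first occurrence of a directive wins
  end
end

# Simplified source matching: 'self', *, scheme-source and host-source.
# Paths, nonces, hashes and http-to-https upgrades are not modelled.
def source_allows?(source, url, page)
  return [url.scheme, url.host, url.port] == [page.scheme, page.host, page.port] if source == "'self'"
  return %w[http https].include?(url.scheme) if source == '*'
  return url.scheme == source.chomp(':').downcase if source.match?(/\A[a-z][a-z0-9+.-]*:\z/i)

  m = source.match(%r{\A(?:([a-z][a-z0-9+.-]*)://)?([^:/']+)(?::(\d+|\*))?}i)
  return false unless m # keywords such as 'none' never match a URL

  scheme, host, port = m[1], m[2].downcase, m[3]
  return false if scheme && scheme.downcase != url.scheme

  host_ok = host.start_with?('*.') ? url.host.end_with?(host[1..]) : url.host == host
  # A source without a port only matches the scheme's default port.
  port_ok = port == '*' || url.port == (port ? port.to_i : DEFAULT_PORTS[url.scheme])
  host_ok && port_ok
end

# font-src governs font loads; default-src is the fallback when it is absent.
def font_allowed?(csp_header, font_url, page_url)
  policy = parse_csp(csp_header)
  sources = policy['font-src'] || policy['default-src']
  return true if sources.nil? # no governing directive, so no restriction

  url = URI(font_url)
  page = URI(page_url)
  sources.any? { |s| source_allows?(s, url, page) }
end
```

`font_allowed?(BEFORE, FONT, PAGE)` is false and `font_allowed?(AFTER, FONT, PAGE)` is true; a source of `http://localhost` without the port still blocks the font, because a port-less source only covers the default port.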
