Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

App user QR code violates CSP directive #629

Closed
matthew-white opened this issue Apr 10, 2024 · 1 comment · Fixed by #772
Closed

App user QR code violates CSP directive #629

matthew-white opened this issue Apr 10, 2024 · 1 comment · Fixed by #772
Assignees
@alxndrsn
Labels
ops Docker, nginx, ops to deploy Central

Comments

@matthew-white
Copy link
Member

matthew-white commented Apr 10, 2024
edited
Loading

Problem description

When I view an app user QR code in Frontend, I see an error in the browser console in Chrome:

[Report Only] Refused to load the image 'data:image/gif;base64,...' because it violates the following Content Security Policy directive: "img-src *". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.

URL of the page

https://staging.getodk.cloud/#/projects/85/app-users

Steps to reproduce the problem

  1. Navigate to the URL above.
  2. Open the browser console.
  3. Click "See code".

Central version shown in version.txt

versions:
f0b2a90bce34fc13b0df4affd8b3158d57bcf904 (v2023.5.1-5-gf0b2a90)
+2bb17a501416814bbd987ddc953abc5b0c40c58a client (v2023.5.0-43-g2bb17a50)
+267e0ad7806057fc82894f58bea680627f1de5cd server (v2023.5.0-49-g267e0ad7)
@matthew-white matthew-white added the ops Docker, nginx, ops to deploy Central label Apr 10, 2024
@alxndrsn alxndrsn mentioned this issue Nov 9, 2024
Open
alxndrsn pushed a commit to alxndrsn/odk-central that referenced this issue Nov 9, 2024
Content-Security-Policy: allow images from data: URLs
0415ec6 
QR displayed in odk-central-frontend are displayed with src=data:...

Closes getodk#629
@alxndrsn alxndrsn mentioned this issue Nov 9, 2024
Merged
alxndrsn added a commit that referenced this issue Nov 11, 2024
@alxndrsn
Content-Security-Policy: allow images from data: URLs (#772)
fb02423 
QR displayed in odk-central-frontend are displayed with src=data:...

Closes #629
@github-project-automation github-project-automation bot moved this to 🕒 backlog in ODK Central Nov 11, 2024
@matthew-white
Copy link
Member Author

Closed by #772.

@github-project-automation github-project-automation bot moved this from 🕒 backlog to ✅ done in ODK Central Nov 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alxndrsn alxndrsn

Labels
ops Docker, nginx, ops to deploy Central
Projects
ODK Central
Status: ✅ done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Content-Security-Policy: allow images from data: URLs alxndrsn/odk-central
2 participants
@alxndrsn @matthew-white