Forum OpenACS Development: CSP Violation

Request notifications

Collapse
Posted by Iuri Sampaio on
Hi there,

I got these log Notices after upgrading oacs 5.9 to 5.9.1b3

I've found no reference of it on bugtracker. Neither I'm certain if that is whether it's a general error or it only happens on my box.

Best wishes,

ser_id 698 peer 127.0.0.1
[14/Apr/2017:01:27:17][773.7f068f7fe700][-conn:1contact:1-] Notice: CSP violation: {"csp-report":{"document-uri":"http://1c.1contact.ch/acs-admin/apm/package-load","referrer":"http://1c.1contact.ch/acs-admin/install/","violated-directive":"script-src 'unsafe-inline' 'self' 'nonce-D9D0DA068F55DF150764D383E58F111BD4A9A188'","effective-directive":"script-src","original-policy":"default-src 'self';font-src 'self' data:;img-src 'self';report-uri /SYSTEM/csp-collector.tcl;script-src 'unsafe-inline' 'self' 'nonce-D9D0DA068F55DF150764D383E58F111BD4A9A188';style-src 'self' 'unsafe-inline';","blocked-uri":"","status-code":200}} user-agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 user_id 698 peer 127.0.0.1
[14/Apr/2017:01:27:18][773.7f068f7fe700][-conn:1contact:1-] Notice: CSP violation: {"csp-report":{"document-uri":"http://1c.1contact.ch/acs-admin/apm/package-load","referrer":"http://1c.1contact.ch/acs-admin/install/","violated-directive":"font-src 'self' data:","effective-directive":"font-src","original-policy":"default-src 'self';font-src 'self' data:;img-src 'self';report-uri /SYSTEM/csp-collector.tcl;script-src 'unsafe-inline' 'self' 'nonce-D9D0DA068F55DF150764D383E58F111BD4A9A188';style-src 'self' 'unsafe-inline';","blocked-uri":"https://themes.googleusercontent.com","source-file":"https://code.jquery.com","line-number":3,"column-number":18202,"status-code":200}} user-agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 user_id 698 peer 127.0.0.1
^X^C

Collapse
2: Re: CSP Violation (response to 1)
Posted by Gustaf Neumann on
Since the setup of your site contains references to external sites, you have to allow these in the CSP. Or turn CSP off
(see http://openacs.org/xowiki/CSP)