Forum OpenACS Development: HostNode Mapping Vs CSP Violation

Posted by Iuri Sampaio on
Hi there,

After I'd added a hostname/URL pair, I noticed that authentication works for the main hostname https://litli.net/register/.

However, it doesn't for the new one (i.e. https://wcaec.net/register/), where the user gets locked in the login page, which redirects him to the login page itself endlessly.

I also noticed that having this new hostname/URL pair causes a CSP violation to the system and, as the new hostname is different from the one that hosts the main OACS installation, I'd say this behaviour is totally expected since it's compliant with CSP rules.

(p.s. and of course when I disable ACS Kernel > CSP parameter, the 404 error is gone)

With that said,
1. How would I make login work when a user visits https://wcaec.net/register/ ?

2. How would I implement CSP rules in order to be compliant with CSP, having these 2 domains sharing the same OACS installation?

Error logs are below.

For reference:
https://openacs.org/xowiki/CSP
https://openacs.org/api-doc/proc-view?proc=security%3a%3acsp%3a%3arequire&source_p=0



[28/Feb/2019:10:41:12][2316.7f4b6dffb700][::throttle] Notice: === user 10.0.0.16 entered community 38499 at 1551379272 reason new
[28/Feb/2019:10:41:12][2316.7f4b567fc700][-conn:litli:7:6224-] Notice: register/index.tcl: login_template /packages/acs-subsite/lib/login host_node_id
[28/Feb/2019:10:41:12][2316.7f4b567fc700][-conn:litli:7:6225-] Error: return: failed to redirect '404': exceeded recursion limit of 3