Checkup tests failing #98
Comments
This one can't be done automatically, it has to be done by the admin (a how-to is sent by mail)
Here is my test output after setting admin key and enabling support tickets:

This instance is running CryptPad v4.8.0. 21 / 24 tests passed. Details found below

| Failed test number | 2 |
|---|---|
| Returned value | false |

/sheet/inner.html does not have the required 'content-security-policy' headers set. This is most often related to incorrectly configured sandbox domains or reverse proxies.

| Failed test number | 17 |
|---|---|
| Returned value | false |

/common/onlyoffice/v4/web-apps/apps/spreadsheeteditor/main/index.html does not have the required 'content-security-policy' headers set. This is most often related to incorrectly configured sandbox domains or reverse proxies.

| Failed test number | 18 |
|---|---|
| Returned value | false |
we are getting there...soon to be fully complete

the test 26 is contradicting as the access control allow origin is indeed set on sandbox domain...taken from @ansuz that it shall be solved in a future version
Describe the bug
The installationdomain.tld/checkup page complains about several things.
Context
Steps to reproduce
Install the app and reach the checkup page.
Expected behavior
No or minimal complaints.
Logs
Let's make it a to-do list. Some tasks might be deemed unnecessary.
httpUnsafeOrigin and httpSafeOrigin are equivalent. In order for CryptPad's security features to be as effective as intended they must be different. See cryptpad/config/config.js
This instance's encrypted support ticket functionality has not been enabled. This can make it difficult for its users to safely report issues that concern sensitive information. This can be configured via the admin panel's Support tab.
This instance has not been configured to support web administration. This can be enabled by adding a registered user's public signing key to the adminKeys array in cryptpad/config/config.js. (this one has to be done manually IIRC)
Missing HTTP headers required for .xlsx export from sheets. A value of require-corp was expected for the cross-origin-embedder-policy HTTP header, but instead a value of "" was received.
/api/config was served with duplicated or incorrect headers. Compare your reverse-proxy configuration against the provided example.
The cross-origin-resource-policy header for /api/config is '' instead of 'cross-origin' as expected.
The cross-origin-embedder-policy header for /api/config is '' instead of 'require-corp' as expected.
/api/config above, with /api/broadcast instead
/some/page does not have the required 'content-security-policy' headers set
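
An added example, not part of the issue and not CryptPad's checkup code: a small Node.js check that separates the missing, duplicated and incorrect header cases the checkup messages above describe. The `RULES` table, the function name and the sample responses are constructed for illustration; the expected header values are the ones quoted in the messages.

```javascript
// Added example: not CryptPad's checkup code. The expected values are the ones
// quoted in the checkup messages; the sample responses below are constructed.
const RULES = {
  '/api/config': {
    exact: {
      'cross-origin-resource-policy': 'cross-origin',
      'cross-origin-embedder-policy': 'require-corp',
    },
    present: [],
  },
  '/sheet/inner.html': { exact: {}, present: ['content-security-policy'] },
};

// rawHeaders is a flat [name, value, name, value, ...] array, the shape of
// Node's http.IncomingMessage#rawHeaders, which keeps duplicates visible.
function auditHeaders(path, rawHeaders) {
  const rule = RULES[path];
  if (!rule) throw new Error(`no rule for ${path}`);
  const seen = new Map();
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    const name = rawHeaders[i].toLowerCase();
    seen.set(name, (seen.get(name) || []).concat(rawHeaders[i + 1].trim()));
  }
  const findings = [];
  for (const [header, want] of Object.entries(rule.exact)) {
    const got = seen.get(header) || [];
    if (got.length === 0) findings.push({ header, problem: 'missing', want });
    else if (got.length > 1) findings.push({ header, problem: 'duplicated', want });
    else if (got[0] !== want) findings.push({ header, problem: 'incorrect', want });
  }
  for (const header of rule.present) {
    const got = (seen.get(header) || []).filter((v) => v !== '');
    if (got.length === 0) findings.push({ header, problem: 'missing' });
  }
  return findings;
}

// Constructed responses: nothing added by the proxy, then proxy and app both
// adding the same header, then the state the checkup expects.
const bare = ['Content-Type', 'application/json'];
const doubled = [
  'Cross-Origin-Resource-Policy', 'cross-origin',
  'Cross-Origin-Embedder-Policy', 'require-corp',
  'cross-origin-embedder-policy', 'require-corp',
];
const fixed = doubled.slice(0, 4);
console.log(auditHeaders('/api/config', bare), auditHeaders('/api/config', doubled));
console.log(auditHeaders('/api/config', fixed), auditHeaders('/sheet/inner.html', fixed));
```

The duplicated case is the one that a header added both by the application and by the reverse proxy produces, which is why the raw header list is inspected rather than a merged header object.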