Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: symbol search popup fails to load #43949

Open
myitcv opened this issue Jan 27, 2021 · 4 comments
Open

x/pkgsite: symbol search popup fails to load #43949

myitcv opened this issue Jan 27, 2021 · 4 comments

Comments

@myitcv
Copy link
Member

@myitcv myitcv commented Jan 27, 2021

What is the URL of the page with the issue?

https://pkg.go.dev/cuelang.org/go@v0.3.0-beta.3.0.20210124142225-9c5489fc66ed/cue

What is your user agent?

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.59 Safari/537.36

Screenshot

n/a

What did you do?

Tried to launch the symbol search via f

What did you expect to see?

A popup with a type-ahead box as usual, much like on https://pkg.go.dev/github.com/govim/govim/cmd/govim/config:

Screen Shot 2021-01-27 at 09 02 35

What did you see instead?

Nothing. Instead I see the following console errors:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'strict-dynamic' https: http: 'sha256-CgM7SjnSbDyuIteS+D1CQuSnzyKwL0qtXLU6ZW2hB+g=' 'sha256-dwce5DnVX7uk6fdvvNxQyLTH/cJrTMDK6zzrdKwdwcg=' 'sha256-Q0lBU5W61U2Bjmznl8iFgTCLw4PWCtS1taSwwNz3iGk=' 'sha256-T7xOt6cgLji3rhOWyKK7t5XKv8+LASQwOnHiHHy8Kwk=' 'sha256-1J6DWwTWs/QDZ2+ORDuUQCibmFnXXaNXYOtc0Jk6VU4=' 'sha256-y5EX2GR3tCwSK0/kmqZnsWVeBROA8tA75L+I+woljOE=' 'sha256-hsHIJwO1h0Vzwa75j0l07kUfQ7MEZGI/HlSPB/8leZ0=' 'sha256-CFun5NgnYeEpye8qcbQPq5Ycwavi4IXuZiIzSMNqRUw=' 'sha256-IHdniK/yZ8URNA2OYbc4R7BssOAe3/dFrSQW7PxEEfM=' 'sha256-hb8VdkRSeBmkNlbshYmBnkYWC/BYHCPiz5s7liRcZNM='". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

cue:3476 Uncaught ReferenceError: loadScript is not defined
    at cue:3476
(anonymous) @ cue:3476
cue:3482 Uncaught ReferenceError: loadScript is not defined
    at cue:3482
(anonymous) @ cue:3482
cue:3485 Uncaught ReferenceError: loadScript is not defined
    at cue:3485
(anonymous) @ cue:3485
cue:3488 Uncaught ReferenceError: loadScript is not defined
    at cue:3488
(anonymous) @ cue:3488
cue:3499 Uncaught ReferenceError: loadScript is not defined
    at cue:3499
@jamalc
Copy link
Member

@jamalc jamalc commented Jan 27, 2021

I cannot reproduce this but have a theory that it might've been a caching issue. Is this still happening @myitcv?

@myitcv
Copy link
Member Author

@myitcv myitcv commented Jan 29, 2021

Given the above link, no I can't reproduce this now.

Is the caching issue related to the console errors I included?

@jamalc
Copy link
Member

@jamalc jamalc commented Feb 18, 2021

It might be. Our Content Security Policy (CSP) uses content hashes of the JavaScript we serve to enhance the security of pkg.go.dev. The loadScript function is used to load the code that would have opened symbol search but it was not defined because its content hash did not match any of the content hashes in our CSP header.

Just to rule this out, is it possible that you have any browser extensions installed that might've altered JavaScript on the page?

@myitcv
Copy link
Member Author

@myitcv myitcv commented Feb 18, 2021

Just to rule this out, is it possible that you have any browser extensions installed that might've altered JavaScript on the page?

No. Other pages on pkg.go.dev were working and continue to work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants