dsa-webworker can't load scripts if CSP uses nonce #521
Comments
|
In which app does this happens? Do you use any pipe/combine/minify mechanism? Can you post the complete HTTP header? |
|
@theCalcaholic can you post the complete header of the html file on which the error occurs? |
|
I don't have that error anymore, sorry. It was fixed for me in an update to the jsxc, iirc. |
|
@theCalcaholic thanks for reporting. |
|
hi. Have same trouble with Nextcloud 12.0.3 Uncaught DOMException: Failed to execute 'importScripts' on 'WorkerGlobalScope': The script at 'https://cloud.ipcd.ru/apps/ojsxc/js/jsxc/lib/otr/vendor/salsa20.js' failed to load. |
|
This is a known bug and I already opened an issue nextcloud/server#5936. For me it looks like there is no nice fix for this, so we probably have to concatenate the web worker. Btw. pull requests are always welcome. |
|
thx. very helpful. Now as I see everything works as it should.
2017-11-03 11:24 GMT+03:00 okamzol <notifications@github.com>:
… Hi,
have had the same problem and found a working solution. I played a bit
with policy rules in app.php and ended up with adding my domain as
additional rule for addAllowedScriptDomain.
After line 27 add:
$policy->addAllowedScriptDomain('https://my.domain.tld');
Tested and works with Chrome Version 61.0.3163.100
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#521 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AfguFVDCoc5BZi8xHmt0olyMm9c4HVLJks5sys2vgaJpZM4NQo7d>
.
|
Sadly this doesn't work, because Nextcloud replaces the |
|
Hope this fix works for you guys. |
I'm running ojsxc 3.1.1 on Nextcloud 11.0.3 which uses a CSP with a random nonce for loading scripts:
This causes a problem for the
dsa-webworker.jswhich tries to load external scripts but omits the nonce when doing so:The text was updated successfully, but these errors were encountered: