[CSP] violation in about:addons page at add-ons screenshots preview #2471
Comments
Blocks #1660
This one is fixable with config, but it shouldn't be happening. I think this might be a bug with some kind of image pre-loading via
Fwiw the latter bug is a dupe of #2454
Ok, this is the line causing the problem: https://github.com/mozilla/olympia/blob/master/static/js/lib/jquery-ui/ui.lightbox.js#L126. The cause is an empty src attribute for the close button image. This then matches the base-uri which has been set to https://addons.mozilla.org.
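The cause described in the comment above, as an added example that is not part of the original thread or of olympia's code: it resolves each `<img>` src against the base URL quoted in the comment and checks the result against an image allowlist. The allowlist host, the sample markup and the function names are assumptions made for illustration.

```javascript
// Added example. BASE_URL is the value quoted in the comment; the img-src
// list and the markup are constructed for illustration.
const BASE_URL = 'https://addons.mozilla.org/';
const IMG_SRC_HOSTS = ['https://static.example.net']; // hypothetical allowlist

// Simplified img-src matching: exact origin comparison only
// (no 'self', wildcards, paths or scheme-only sources).
function allowedByImgSrc(url, sources) {
  const origin = new URL(url).origin;
  return sources.some((s) => new URL(s).origin === origin);
}

// Report every <img> in the markup with the URL its src resolves to.
// An empty (or whitespace-only) src resolves to the base URL itself.
function auditImages(markup, baseUrl, sources) {
  const findings = [];
  for (const [tag] of markup.matchAll(/<img\b[^>]*>/gi)) {
    const m = tag.match(/\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)')/i);
    if (!m) {
      findings.push({ tag, issue: 'no src attribute' });
      continue;
    }
    const raw = m[1] ?? m[2];
    const resolved = new URL(raw, baseUrl).href;
    const empty = raw.trim() === '';
    const allowed = allowedByImgSrc(resolved, sources);
    const issue = empty ? 'empty src resolves to base URL'
      : (allowed ? null : 'origin not in img-src');
    findings.push({ tag, raw, resolved, empty, allowed, issue });
  }
  return findings;
}

// Constructed markup: a lightbox close button with an empty src, plus a screenshot.
const SAMPLE = `
<div class="lightbox">
  <img class="close" src="">
  <img class="shot" src="https://static.example.net/previews/1.png">
</div>`;

for (const f of auditImages(SAMPLE, BASE_URL, IMG_SRC_HOSTS)) {
  console.log(f.issue ? `FLAG  ${f.tag} -> ${f.resolved ?? '-'} (${f.issue})` : `ok    ${f.tag}`);
}
```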
This should be testable on -dev and stage with the following disco pane hosts: dev: https://addons-dev-services.allizom.org/
It seems that with the provided hosts, the banner is not working in disco pane (neither in stage nor dev)
The fix isn't on stage yet. -dev is actively blocking connect-src due to configuration issues as the services host is not set up quite the same as production. I'm hoping we can change the settings to match up with production rather than paper over the problem with additional CSP config. See https://github.com/mozilla/olympia/issues/1555#issuecomment-179559960 and my replies.
Relates to #1660
Steps to reproduce:
Expected results:
There is no CSP violation in the console.
Actual results:
There is a CSP violation displayed in the console.
Notes/Issues:
Please see the csp reporting via network: https://pastebin.mozilla.org/8858326
Verified on FF44(Win 7). Issue is reproducing on AMO-prod.
Screenshot for this issue:
Also, when refreshing the about:addons page or an add-on details page there is another CSP violation (https://pastebin.mozilla.org/8858333). This is a duplicate of #2454. Please see the screenshot: