Content Security Policy: The page’s settings blocked the loading of a resource at self #449

Closed
blizzz opened this issue Dec 12, 2017 · 3 comments
@blizzz
Member

blizzz commented Dec 12, 2017

Steps to reproduce

  1. Have NC git master running (local via subdirectory) and Contacts master
  2. Go to Contacts app
  3. Create a new contact
  4. Edit the name
  5. Refresh

Expected behaviour

The new contact should have the entered name

Actual behaviour

  • The name is "New Contact" again
  • No request to the server is fired
  • Instead, a CSP error appears telling that loading a resource was blocked:
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src 'nonce-eng0cmZocW1Lc0dSM3NHaTFZbkN6Y0hrQnZtZDZ6dWtyM1NCTE9kb1VLTT06bkhGK0NteWZIL2pWaTZ5UnZjaWpnNWVnUUt6MmlRK1czaWJ4RzVBaWFORT0=' 'unsafe-eval'”). Source: ondrop attribute on INPUT element. contacts

Server configuration

Operating system: Antergos

Web server: Apache2

Database: MariaDB

PHP version: 7.1

Nextcloud version: git master

Contacts version: git master

Updated from an older Nextcloud or fresh install: yes

List of activated apps:

Enabled:
  - admin_audit: 1.3.0
  - bookmarks: 0.10.1
  - comments: 1.3.0
  - contacts: 2.0.1
  - dav: 1.4.5
  - encryption: 2.0.0
  - federatedfilesharing: 1.3.1
  - federation: 1.3.0
  - files: 1.8.0
  - files_accesscontrol: 1.3.0
  - files_automatedtagging: 1.3.0
  - files_pdfviewer: 1.2.0
  - files_sharing: 1.5.0
  - files_texteditor: 2.5.1
  - files_trashbin: 1.3.0
  - gallery: 18.0.0
  - lookup_server_connector: 1.1.0
  - notifications: 2.1.0
  - oauth2: 1.1.0
  - provisioning_api: 1.3.0
  - serverinfo: 1.3.0
  - socialsharing_diaspora: 1.0.1
  - systemtags: 1.3.0
  - theming: 1.4.1
  - twofactor_backupcodes: 1.2.3
  - twofactor_totp: 1.3.1
  - updatenotification: 1.3.0
  - user_ldap: 1.3.1
  - workflowengine: 1.3.0

Nextcloud configuration:

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP (same for local users)

Client configuration

Browser: FF 57

Operating system: Antergos

Logs

Nextcloud log (data/nextcloud.log)

nothing relevant

Browser log

Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src 'nonce-eng0cmZocW1Lc0dSM3NHaTFZbkN6Y0hrQnZtZDZ6dWtyM1NCTE9kb1VLTT06bkhGK0NteWZIL2pWaTZ5UnZjaWpnNWVnUUt6MmlRK1czaWJ4RzVBaWFORT0=' 'unsafe-eval'”). Source: ondrop attribute on INPUT element. contacts
@fritteli

I'm seeing the exact same error with Nextcloud 12.0.4.

Server configuration

Operating system: Gentoo Linux

Web server: Apache 2.4.27

Database: MySQL

PHP version: 7.1.13

Nextcloud version: 12.0.4

Contacts version: 2.0.1

Updated from an older Nextcloud or fresh install: Migrated from ownCloud 9.1.6

List of activated apps:

Enabled:
  - activity: 2.5.2
  - audioplayer: 2.2.2
  - bruteforcesettings: 1.0.3
  - calendar: 1.5.7
  - comments: 1.2.0
  - contacts: 2.0.1
  - dav: 1.3.0
  - federatedfilesharing: 1.2.0
  - federation: 1.2.0
  - files: 1.7.2
  - files_external: 1.3.0
  - files_external_dropbox: 1.0.0
  - files_pdfviewer: 1.1.1
  - files_sharing: 1.4.0
  - files_texteditor: 2.4.1
  - files_trashbin: 1.2.0
  - files_versions: 1.5.0
  - files_videoplayer: 1.1.0
  - gallery: 17.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.0.0
  - news: 11.0.5
  - nextcloud_announcements: 1.1
  - notifications: 2.0.0
  - oauth2: 1.0.5
  - password_policy: 1.2.2
  - provisioning_api: 1.2.0
  - serverinfo: 1.2.0
  - sharebymail: 1.2.0
  - survey_client: 1.0.0
  - systemtags: 1.2.0
  - tasks: 0.9.5
  - theming: 1.3.0
  - twofactor_backupcodes: 1.1.1
  - updatenotification: 1.2.0
  - workflowengine: 1.2.0

Nextcloud configuration:

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: FF 57

Operating system: Gentoo Linux

@skjnldsv
Member

This error is not related to a contact edit failure. I have it and everything works on my instance :)

@skjnldsv
Member

There is also this onloadedmetadata which needs to be removed.
The ondrop is related to the select2 lib
https://github.com/nextcloud/contacts/blob/master/templates/addressBook.html#L5

@skjnldsv skjnldsv added the "1. to develop" (Accepted and waiting to be taken care of) and "low" (Low priority) labels Feb 13, 2018
@skjnldsv skjnldsv changed the title from "Cannot edit contacts, CSP error" to "Content Security Policy: The page’s settings blocked the loading of a resource at self" Jun 22, 2018
@skjnldsv skjnldsv closed this as completed Oct 2, 2018
@skjnldsv skjnldsv added this to the 3.0.0 milestone Oct 2, 2018
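
Added example, not part of the thread or of the Contacts code base: a nonce in `script-src` only authorises `<script>` elements, so inline `on*` attributes such as the `ondrop` and `onloadedmetadata` named in the comments above are blocked. The sketch below evaluates a policy and lists such attributes in a template; the policy, nonce, template and all function names are constructed for illustration.

```javascript
// Added example. SAMPLE_CSP and SAMPLE_TEMPLATE are constructed, not taken from Nextcloud.
const SAMPLE_CSP = "default-src 'none'; script-src 'nonce-Q09OU1RSVUNURUQ=' 'unsafe-eval'";
const SAMPLE_TEMPLATE = [
  '<div class="addressbook">',
  '  <input type="text" ondrop="return false;" value="a > b">',
  '  <video onloadedmetadata="init()"></video>',
  '  <button data-onclick="x" title="onclick=y">ok</button></div>',
].join('\n');

// Parse a CSP header value into { directive: [sources] }; the first occurrence wins.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Handler attributes fall back script-src-attr -> script-src -> default-src. 'unsafe-inline'
// is ignored once a nonce, hash or 'strict-dynamic' is listed; 'unsafe-hashes' is not modelled.
function inlineHandlersAllowed(policy) {
  const src = policy['script-src-attr'] || policy['script-src'] || policy['default-src'];
  if (!src) return true; // no directive restricts scripts
  const list = src.map((s) => s.toLowerCase());
  const strict = list.some((s) => /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(s));
  return list.includes("'unsafe-inline'") && !strict;
}

// List on* attributes per start tag; quoted values may contain '>' or "on...=" text.
function findInlineHandlers(html) {
  const findings = [];
  const tagRe = /<([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  const attrRe = /([^\s=\/"'<>]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;
  for (const tag of html.matchAll(tagRe)) {
    const line = html.slice(0, tag.index).split('\n').length;
    for (const attr of tag[2].matchAll(attrRe)) {
      if (/^on[a-z]+$/i.test(attr[1])) {
        findings.push({ tag: tag[1].toLowerCase(), attribute: attr[1].toLowerCase(), line });
      }
    }
  }
  return findings;
}

function auditTemplate(cspHeader, html) {
  return inlineHandlersAllowed(parseCsp(cspHeader)) ? [] : findInlineHandlers(html);
}
```

Each finding is a handler to move into a nonce-covered script and attach with `addEventListener`, which keeps the policy free of `'unsafe-inline'`.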