[Bug] Icon Library Problems

[fashxp]

Pimcore version

2024.2

Steps to reproduce

open icon library

Actual Behavior

• JS errors when opening
  

• click on icons with green border has no effect
  

• click on icon does not copy path to clipboard

Expected Behavior

no errors...

[kingjia90]

mhh, weird, all the listed problems are originated by jQuery being somehow blocked by buttons.github.io/buttons.js.

So it is only broken on debug mode as per
https://github.com/pimcore/admin-ui-classic-bundle/blob/fa2d03aaeb4787e1813f71f6a7ec58b28cd820cb/templates/admin/login/layout.html.twig#L45-L50

On demo seems working fine

(by opening icon library when editing a data object class) and even locally on dev mode

[kingjia90]

But the mentioned github button is appearing only on login page, not sure how it can be reproduced, looks like it is logging out/expiring session somehow on some icon and it's in-lining the login page content instead of the image or things like that.

I see a i am content script in the console log, is it part of some front end tests?

[fashxp]

Hmm problem appreared in fresh installation of skeleton in prod env

[podarcis]

The error output regarding GitHub buttons JavaScript is misleading - it's just the CSP header's value.

I think the reason for this error is that the icon-list template includes the jQuery lib from external source, but the URL is not listed in CSP allow list:

<script
    src="https://code.jquery.com/jquery-3.7.1.min.js"
    integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo="
    crossorigin="anonymous"></script>

https://github.com/pimcore/admin-ui-classic-bundle/blob/v1.5.1/templates/admin/misc/icon_list.html.twig#L127

        self::SCRIPT_OPT => [
            'https://buttons.github.io/buttons.js', // GitHub star button on login page
        ],

https://github.com/pimcore/admin-ui-classic-bundle/blob/v1.5.1/src/Security/ContentSecurityPolicyHandler.php#L57

So a quick fix could be to include the jQuery CDN as well in der CSP.