pagure

Clone

#4860 Add access to project: groups drop-down broken.
Opened 3 years ago by jtagcat. Modified 3 years ago

Open
Close issue as:
Invalid Insufficient data Fixed Duplicate Won't Fix

Can't click it, when the text box is selected. When attempting to click it, it doesn't work.

/project-slug/addgroup

https://youtu.be/5BWIn4HyegQ

do you by any chance a plugin on your browser that prevents the ajax query from completing?

By a significant chance, but no idea what exactly. Firefox is also configured to be quite strict.

I'm also running firefox and I do not see this issue.

Do you have anything in your web console (press the F12 key in firefox to see it).
Edited 3 years ago by pingou 
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”. addgroup
Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). common.js:2:319
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). content-hooks-frames.js:62:42
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 2 utils.js:35:9
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). content_script.js:119:34
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“style-src”). HintRenderer.js:164:14
SingleFile is hooking the IntersectionObserver API to detect and load deferred images. content-hooks-frames-web.js:300:10

is CSP_HEADERS defined on that instance? could we see it?

default value does not have unsafe-inline on it: https://pagure.io/pagure/blob/master/f/pagure/default_config.py#_632-639. this seems a downstream configuration problem.
Edited 3 years ago by jlanda

Using pagure.io as the instance.

Using pagure.io as the instance.

pagure.io does not have unsafe-inline on the content security policy header:
https://pagure.io/fedora-infra/ansible/blob/master/f/roles/pagure/frontend/templates/pagure.cfg#_437-448
and

curl -I https://pagure.io
HTTP/1.1 200 OK
Date: Mon, 10 Aug 2020 11:59:07 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5
Content-Security-Policy: default-src 'self';script-src 'self' 'nonce-zTQwUfpmlUorrdmvKm6YDGv3E'; style-src 'self' 'nonce-token'; object-src 'none';base-uri 'self';img-src 'self' https:;connect-src 'self' https://pagure.io:8088;frame-src https://docs.pagure.org;frame-ancestors https://pagure.io;

just tried on pagure.io with a clean mozilla profile w/o extensions and I don't have those errors on console, just the non-standard zoom warning:

My console output on https://pagure.io/pagure-highlightjs-line-numbers.js/addgroup

Orri honek "zoom" propietate ez-estandarra erabiltzen du. Horren ordez, saiatu calc() erabiltzen dagozkien propietate-balioetan edo bestela erabili "transform" eta "transform-origin: 0 0".

Something is changing the content-security-policy on your side, don't know what else.
An extension?
Edited 3 years ago by jlanda

Add-Ons that I have, that mess with the site:
- uBlock Origin
- Privacy Badger
- ClearURLs
- Decentraleyes
- HTTPS Everywhere

I also have many about:config configurations mainly from PrivacyTools.io.

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.