Uploaded image for project: 'Openmeetings'
  1. Openmeetings
  2. OPENMEETINGS-2647

Content Security Policy Errors/Warning

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.1.0
    • 6.3.0
    • UI
    • None

    Description

       The Webconsole shows several errors/warings with

      "Content Security Policy violations".

       

      Seems this could be the reason, that on Windows and Firefox 88 in a rooms the upper left menu bar is not visible, so exit and the other menu items are not accessabe..

      Chrome:

      jquery-3.6.0-ver-7B432A70897DCD6A8F6D26413CDF1916.js:2 Refused to load the stylesheet 'https://132.145.244.181:5443/openmeetings/group/customcss/2' because it violates the following Content Security Policy directive: "style-src 'nonce-vi6tcS3Be_DzYEa6oQBtUKmN' https://fonts.googleapis.com/css". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

       

      Firefox 90.2 (Linux):
      20:28:30.415 Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf https://132.145.244.181:5443/openmeetings/group/customcss/2 blockiert ("style-src"). jquery-3.6.0-ver-7B432A70897DCD6A8F6D26413CDF1916.js:2:50992
      20:28:30.441 Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf data:video/webm;base64,GkXfowEAAAAAAAAfQ… blockiert ("media-src").

       

       

      Firefox 91 (Win10):

       

      Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf https://132.145.244.181:5443/openmeetings/group/customcss/2 blockiert ("style-src"). jquery-3.6.0-ver-7B432A70897DCD6A8F6D26413CDF1916.js:2:50992

      Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf data:video/webm;base64,GkXfowEAAAAAAAAfQ… blockiert ("media-src").

      Alle Kandidaten für die Ressource konnten nicht geladen werden. Medien-Laden pausiert. openmeetings

      Uncaught (in promise) DOMException: The play method is not allowed by the user agent or the platform in the current context, possibly because the user denied permission.

       

      Uncaught (in promise) DOMException: The play method is not allowed by the user agent or the platform in the current context, possibly because the user denied permission. room-ver-F5422CD81838B3A9C3207DE3749ACB49.js:1:22151

          value https://132.145.244.181:5443/openmeetings/wicket/resource/org.apache.openmeetings.web.room.RoomPanel/room-ver-F5422CD81838B3A9C3207DE3749ACB49.js:1

          (Async: promise callback)

          value https://132.145.244.181:5443/openmeetings/wicket/resource/org.apache.openmeetings.web.room.RoomPanel/room-ver-F5422CD81838B3A9C3207DE3749ACB49.js:1

          load https://132.145.244.181:5443/openmeetings/wicket/resource/org.apache.openmeetings.web.room.RoomPanel/room-ver-F5422CD81838B3A9C3207DE3749ACB49.js:1

          <anonym> https://132.145.244.181:5443/openmeetings/#room/7 line 1 > injectedScript:71

          <anonym> https://132.145.244.181:5443/openmeetings/#room/7 line 1 > injectedScript:71

          jQuery 55

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            solomax Maxim Solodovnik
            uwesimon Uwe Simon
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment