Allow Users to Specify Alternate Sources for Content-Security Policy #3808
Comments
|
Not a Cacti bug, but a bug within how the plugin works I believe. Also duplicate of Cacti/plugin_gpsmap#12 |
|
Not a duplicate exactly, it's not the same plugin. But I would love to have some input, to find the bug on this (my) plugin !! and you can find the whole code here: It was working fine before the security-contend, and I know I'm way far from THE developer in PHP and web app, but willing to learn! So any input you can give me is welcome |
|
We've got a but like this in the main Cacti issue tracker as well. I'm going to add another setting to loosen the security restrictions. Might have it done tonight. We'll see. |
|
Looking through the spec's again, we may have to allow one to many origin's outside of 'self'. Basically make it a configuration option. |
TheWitness
changed the title
Allow Users to Specify Alternate Sources for Content-Security Policy
|
Hopefully, this is self explanatory. |
TheWitness
added
resolved
|
Almost good |
|
Okay, test again. |
|
Yup perfect thanks for your prompt action |
|
I'm facing this same issue in Debian Buster will this fix make it into buster-backports? |
|
You need to direct this to @paulgevers. |
|
@squad1534 yes it will, once there is a new cacti release, I packaged it for unstable, the package migrates to testing (and somebody pings me ;) ) |
|
@paulgevers, we have been delaying the 1.2.15 for a bit now picking up a few additional bugs here and there. There are a number of users and companies testing the 1.2.x branch. I think we are pretty close right now. When @netniV thinks we are ready, we will pull the trigger. |
|
I am thinking next weekend would be good. Most things seem to have calmed down again. |
|
That works for me!
…On Sun, Oct 25, 2020, 09:26 Mark Brugnoli-Vinten ***@***.***> wrote:
I am thinking next weekend would be good. Most things seem to have calmed
down again.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#3808 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ADGEXTEBHW6I7NRPCGXHU33SMQRRHANCNFSM4RO5KNFA>
.
|
|
Sounds great, thanks Devs! |
This is a partial rollback of issue #3808 due to negative impact it has on both GUI and Data Collector performance.
Describe the bug
Using a call to an external javascript, can't be executed due to configuration of contend-security to tigth
To Reproduce
I'm using a Mapping plugin who do a call on the following url:
https://unpkg.com/[email protected]/dist/leaflet.css
https://unpkg.com/[email protected]/dist/leaflet.js
it's openstreet map componnents, and it give the following error:
Content Security Policy: The page settings prevented a resource from loading at https://unpkg.com/[email protected]/dist/leaflet.css ("style-src").
Content Security Policy: The page settings prevented a resource from loading at https://unpkg.com/[email protected]/dist/leaflet.js ("script-src").
it's on Cacti 1.2.14 but it's like that since the dev team added contewnt-security.
And i try on Firefox and IE.
I try the Console > Configuration > Setting > General
Called: Allow Unsafe JavaScript eval() calls
Set that to Yes.
but that dosen't change anything.
And I have no clue ho to solve that and what to change to apply on the current content-security settings
The text was updated successfully, but these errors were encountered: