You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2022/12/23 11:28:00 UTC

[jira] [Closed] (OFBIZ-12423) Font used with Helveticus theme generates CSP violations

     [ https://issues.apache.org/jira/browse/OFBIZ-12423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-12423.
-----------------------------------
      Assignee: Jacques Le Roux
    Resolution: Cannot Reproduce

There is not enough information to reproduce. I tried EditTaxAuthority page as it was at the top of the log provided

> Font used with Helveticus theme generates CSP violations
> --------------------------------------------------------
>
>                 Key: OFBIZ-12423
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12423
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: themes/helveticus
>    Affects Versions: Trunk, Upcoming Branch
>            Reporter: Pierre Smits
>            Assignee: Jacques Le Roux
>            Priority: Major
>              Labels: CSP, trust, usability
>
> The font used by the Helvetica theme generates multiple CSP violations according to the inspector in the Firefox browser. See below.
> {code:java}
> Content Security Policy: The page’s settings observed the loading of a resource at inline (“default-src”). A CSP report is being sent. 3 EditTaxAuthority
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 4 
> Content Security Policy: The page’s settings observed the loading of a resource at inline (“default-src”). A CSP report is being sent. EditTaxAuthority
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/helveticus/js/helveticus.js” because the scheme does not match. helveticus.js
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/accounting/control/EditTaxAuthority?taxAuthPartyId=AUT_BMF&taxAuthGeoId=AUT” because the scheme does not match. 2 EditTaxAuthority
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/helveticus/js/OfbizUtil.js” because the scheme does not match. OfbizUtil.js
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/images/favicon-96.png” because the scheme does not match. favicon-96.png
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/images/favicon-32.png” because the scheme does not match. favicon-32.png
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. resource:517:31
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)