Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2021/12/13 18:22:00 UTC
[jira] [Commented] (OFBIZ-12423) Font used with Helvetica theme generates CSP violations
[ https://issues.apache.org/jira/browse/OFBIZ-12423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458604#comment-17458604 ]
Jacques Le Roux commented on OFBIZ-12423:
-----------------------------------------
Hi Pierre, would you mind making this issue a subtask of OFBIZ-12276?
BTW I'm not sure what the problem is there, any ideas?
> Font used with Helvetica theme generates CSP violations
> -------------------------------------------------------
>
> Key: OFBIZ-12423
> URL: https://issues.apache.org/jira/browse/OFBIZ-12423
> Project: OFBiz
> Issue Type: Bug
> Components: themes
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Priority: Major
> Labels: CSP, trust, usability
>
> The font used by the Helvetica theme generates multiple CSP violations according to the inspector in the Firefox browser. See below.
> {code:java}
> Content Security Policy: The page’s settings observed the loading of a resource at inline (“default-src”). A CSP report is being sent. 3 EditTaxAuthority
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 4
> Content Security Policy: The page’s settings observed the loading of a resource at inline (“default-src”). A CSP report is being sent. EditTaxAuthority
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/helveticus/js/helveticus.js” because the scheme does not match. helveticus.js
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/accounting/control/EditTaxAuthority?taxAuthPartyId=AUT_BMF&taxAuthGeoId=AUT” because the scheme does not match. 2 EditTaxAuthority
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/helveticus/js/OfbizUtil.js” because the scheme does not match. OfbizUtil.js
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/images/favicon-96.png” because the scheme does not match. favicon-96.png
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/images/favicon-32.png” because the scheme does not match. favicon-32.png
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. resource:517:31
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent. {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
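
An added triage example, not part of the original message and not OFBiz code: it collapses Firefox console output like the log quoted above into one row per mode, directive and origin, separating report-only ("observed") from enforced ("blocked") messages. The sample log is constructed from message formats in the report plus one made-up "blocked" line; the `hint` column is an assumption based on file extension, naming the fetch directive that would cover that resource type before the browser falls back to `default-src`.

```javascript
// Added example (not OFBiz code). SAMPLE_LOG is constructed: message formats
// copied from the report above plus one made-up "blocked" line.
const FONT = 'https://fonts.gstatic.com/s/quicksand/v24/';
const PREFIX = 'Content Security Policy: The page’s settings ';
const SAMPLE_LOG = [
  PREFIX + 'observed the loading of a resource at inline (“default-src”). A CSP report is being sent. 3 EditTaxAuthority',
  PREFIX + `observed the loading of a resource at ${FONT}6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.`,
  PREFIX + `observed the loading of a resource at ${FONT}6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.`,
  PREFIX + `observed the loading of a resource at ${FONT}6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.`,
  'Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/images/favicon-32.png” because the scheme does not match. favicon-32.png',
  PREFIX + 'blocked the loading of a resource at https://cdn.example.invalid/app.js (“script-src”).', // made up
].join('\n');

const LINE_RE = /^Content Security Policy: The page[’']s settings (observed|blocked) the loading of a resource at (\S+) \([“"]([\w-]+)[”"]\)/;
// Extension -> fetch directive that governs that resource type (heuristic).
const TYPE_HINTS = [[/\.(woff2?|ttf|otf)$/i, 'font-src'], [/\.m?js$/i, 'script-src'], [/\.css$/i, 'style-src']];

function parseCspLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null; // cookie warnings and other console noise
  const [, verb, source, directive] = m;
  let origin = source; // keyword sources such as "inline" have no URL
  let hint = null;     // the message does not say whether inline means script or style
  try {
    const url = new URL(source);
    origin = url.origin;
    const hit = TYPE_HINTS.find(([re]) => re.test(url.pathname));
    hint = hit ? hit[1] : null;
  } catch (_) { /* not a URL: keep the keyword as the origin */ }
  return { mode: verb === 'observed' ? 'report-only' : 'enforced', origin, directive, hint };
}

function summarise(log) {
  const groups = new Map();
  for (const line of log.split('\n')) {
    const v = parseCspLine(line);
    if (!v) continue;
    const key = [v.mode, v.directive, v.origin].join('|');
    const g = groups.get(key) || { ...v, count: 0 };
    g.count += 1;
    groups.set(key, g);
  }
  // Most frequent first, so the noisiest origin is reviewed first.
  return [...groups.values()].sort((a, b) => b.count - a.count);
}

console.table(summarise(SAMPLE_LOG));
```
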