New issue
Advanced search Search tips

Issue 880815 link

Starred by 0 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Sep 5
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

Refused to apply inline style because it violates the following Content Security Policy directive:

Reported by wan.he...@gmail.com, Sep 5

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36

Steps to reproduce the problem:
1. I Had many SHA hash to bypass inline style at my website https://karangploso.jatim.bmkg.go.id/ and I had my SHA hash at style-src complete at my apache header and my meta tag http-equiv, 
but why i got error at console at google chrome browser version Version 69.0.3497.81 (Official Build) (64-bit) and the newest chrome bowser for android ?
and that sugesstion from chrome console was found  at my header and my meta tag,

and google chrome browser cannot apply inline style with exisiting SHA hash header and meta tag http-equiv at style-src

the problem didnt show up at Vivaldi version 1.15.1147.64 console and Google Chome Browser Version Version 68.0.3440.106 (Official Build) (64-bit)

What is the expected behavior?
please give me advised

What went wrong?
chrome console reproduce error apply inline style for SHA hash at style-src

Did this work before? N/A 

Chrome version: 69.0.3497.81  Channel: stable
OS Version: 10.0
Flash Version: 

https://securityheaders.com/?q=https%3A%2F%2Fkarangploso.jatim.bmkg.go.id%2F&followRedirects=on

https://csp-evaluator.withgoogle.com/
 
karangploso.jatim.bmkg.go.id-1536152742056.log
1.7 MB View Download
Status: WontFix (was: Unconfirmed)
Hi! I'm not sure why you are getting those errors. This specific bug tracker is for security bugs that affect Chrome users, as opposed to issues with certain websites.

Does this same behavior occur on other browsers? If so, maybe try StackOverflow or a similar forum. For now I'm going to close this as WontFix, feel free to respond again if you think this is a Chrome-specific issue.
Project Member

Comment 2 by sheriffbot@chromium.org, Dec 13

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment