JS does not work after modifying Content Security Policy
Reported by soumyade...@pearson.com, Oct 15
Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Steps to reproduce the problem:
1. Added below in HTTP headers for a page hosted in DMZ.
Header set Content-Security-Policy "script-src 'self' 'unsafe-inline'; object-src 'self'"
2. Access the page; the 'submit' does not work. It works in IE though.

What is the expected behavior?
The submit button should take the user to the next page, which works perfectly for an IE user.

What went wrong?
We added Header set Content-Security-Policy "script-src 'self' 'unsafe-inline'; object-src 'self'" in httpd.conf

Did this work before? N/A

Chrome version: 69.0.3497.100 Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version:

I need to know a CSP with values which works on Chrome.
Oct 16
soumyadeb.pal@ Thanks for filing the issue... @Reporter: It would be really helpful if a sample URL/test file is provided, so that we can investigate the issue further. If possible, provide a screencast for better triaging. Thanks!
Oct 16
We do not have an internet-facing test/sample URL. I'll attach a screenshot but not sure whether it will help; it does not show any error. After clicking on the submit button, it does not do anything. There is no response, no errors.
Oct 16
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 25
@Reporter: As mentioned in Comment#3, could you please share the screencast explaining the issue? Requesting you to check the same with a new profile without any apps & extensions and let us know if the issue still persists. Thanks!
Oct 25
Attached the screenshot... removed any information like customer details from it. For an end user, when she clicks on next, it does not move forward. But the same page, same application, same user is able to do it from another browser. This all started after we entered the below in the httpd.conf file: Header set Content-Security-Policy "script-src 'self' 'unsafe-inline'; object-src 'self'"
Oct 25
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 5
This doesn't appear to be related to a bug in Chromium, but an incorrect CSP. Please refer to the error message in the JS console to debug this further.
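
As an added example (not part of the original thread or Chromium's code), this sketch models which kinds of script load the reported policy permits. The page URL and script URLs are constructed, and the thread does not identify which load the real page depends on.

```javascript
// Added example: a simplified model of script-src enforcement. Not modelled:
// nonces, hashes, 'strict-dynamic', wildcards, scheme-only sources, paths.
const REPORTED_POLICY = "script-src 'self' 'unsafe-inline'; object-src 'self'";

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored; only its first occurrence counts.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function hostSourceMatches(source, target) {
  if (source.startsWith("'") || source.endsWith(':')) return false;
  try {
    const withScheme = source.includes('://') ? source : `${target.protocol}//${source}`;
    return new URL(withScheme).origin === target.origin;
  } catch {
    return false; // unparseable source expression
  }
}

// kind: 'external' (url required), 'inline' (script blocks, on* handlers) or 'eval'.
function scriptAllowed(header, pageUrl, kind, url) {
  const directives = parseCsp(header);
  const sources = directives.get('script-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // nothing in the policy governs scripts
  if (kind === 'inline') return sources.includes("'unsafe-inline'");
  if (kind === 'eval') return sources.includes("'unsafe-eval'");
  const page = new URL(pageUrl);
  const target = new URL(url, page);
  return sources.some(s =>
    (s === "'self'" && target.origin === page.origin) || hostSourceMatches(s, target));
}

// Constructed page and script loads (hypothetical hosts app.example, cdn.example.net).
function audit(header) {
  const page = 'https://app.example/form';
  return {
    sameOrigin: scriptAllowed(header, page, 'external', '/js/form.js'),
    inlineHandler: scriptAllowed(header, page, 'inline'),
    thirdParty: scriptAllowed(header, page, 'external', 'https://cdn.example.net/lib.js'),
    evalCall: scriptAllowed(header, page, 'eval'),
  };
}

console.log(audit(REPORTED_POLICY));
```

Internet Explorer does not implement the Content-Security-Policy header, so it never applies these restrictions. In Chrome, the console message for each refused load names the directive that blocked it.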
Comment 1 by vamshi.kommuri@chromium.org, Oct 16