Uploaded image for project: 'Nuxeo Enhanced Viewer'
  1. Nuxeo Enhanced Viewer
  2. NEV-564

Unable to load Annotations tab due to stricter CSP

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 10.6.11
    • Fix Version/s: None
    • Component/s: ARender

      Description

      When a stricter CSP is used, the Annotations tab does not load.
      See errors like the following

      Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src ...  Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

      in the browser console

      Example CSP

      Content-Security-Policy "img-src data: blob: persistent-bucket-here app-vip-name-here; default-src blob: persistent-bucket-here *.company.com; script-src data: app-vip-here; style-src 'unsafe-inline' *.company.com; font-src data: *; connect-src persistent-bucket-here transient-bucket-here *.company.com; media-src persistent-bucket-here *.company.com";

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. WEBUI-478 File upload with stricter CSP causes browser console errors

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link TMAPR-4715 - ARender doesn't load with strict CSP rules

          Web Link TMAPR-4748 - ARender doesn't load with strict CSP rules

          mentioned in

          Page Loading...

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: