[NXP-23912] Fix Content Security Policy header - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 9.3
Fix Version/s: 9.10
Component/s: Web Common

Tags:
Sprint:
nxcore 9.10.2
Story Points:
0

Description

The plugin https://github.com/nuxeo-sandbox/nuxeo-pdfannotation-viewer stopped working on 9.3 because of a csp header error

Refused to load the image 'blob:https://dam-solution-93.cloud.nuxeo.com/f93bc753-6320-45be-8953-ec3c538437bc' because it violates the following Content Security Policy directive: "img-src * data:".

Adding the following contrib in studio solved the issue after a restart

 <require>org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib</require>
    <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService"
    point="responseHeaders">
    <header name="Content-Security-Policy">img-src data: blob: *; default-src * blob:; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>
  </extension>

Attachments

Issue Links

is related to

NXP-23672 Image not previewed with Google Drive and Live Connect

Resolved

NXP-23989 fix broken PDF preview display Content Security Policy - Dependent image isn't ready yet

Resolved

Activity

People

Assignee:

Florent Guillaume

Reporter:

Michaël Vachette

Participants:

Florent Guillaume, Jenkins, Michaël Vachette

Votes:

1 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2017-12-08 21:06

Updated:

2018-01-14 13:58

Resolved:

2017-12-08 22:39

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

15m