Uploaded image for project: 'Nuxeo Web UI'
  1. Nuxeo Web UI
  2. WEBUI-1486

Revert CSP changes of WEBUI-1446

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.1.6
    • Fix Version/s: 3.1.7
    • Component/s: Web UI

      Description

      WEBUI-1446 was introduced by accident in the latest release. This change brings a stricter CSP header policy configuration which makes the application more secure by default, but could break existing Web UI applications.

       

      Customers running into this problem may see errors when the nuxeo-filter expression is evaluated, such as:
       

      TypeError: Cannot read property 'UI' of undefined in <nuxeo-filter> expression "user && user.properties && user.properties.groups && (user.isAdministrator || user.properties.groups.includes(window.Nuxeo.UI.config.props.exceptionmanagers))"

       

      TypeError: Cannot read property 'href' of undefined in <nuxeo-filter> expression "window.location.href.includes('search')"

       

      As part of our policy, breaking changes should not be introduced without sufficient notice and this change needs to be reverted.  

       

      AC

        Attachments

          Issue Links

          is related to

          Task - A task that needs to be done. NXDOC-2657 Release notes for Web UI 3.1.7

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link https://github.com/nuxeo/nuxeo-web-ui/pull/2219

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: