Hi,
I recently upgraded to 1.34.16, directly from repo (apt-get on Debian 10). I'm seeing in the logs all the time: "inline violated CSP script-src". How can I get more info on what is this? Don't know where to look at. Sorry!
inline violated CSP script-src Error after upgrade to 1.34.16
Re: inline violated CSP script-src Error after upgrade to 1.34.16
It means that somewhere we have something like onclick="do_something". This is old style way of doing things and is no longer considered secure. I am slowly finding and fixing them. They aren't really anything to worry about right now. They shouldn't be happening too often though.
I know I just found a bunch in the zone editing code and I will have them fixed for 1.34.17.
I know I just found a bunch in the zone editing code and I will have them fixed for 1.34.17.
Re: inline violated CSP script-src Error after upgrade to 1.34.16
Upgraded to 1.34.25 and am now (first time ever) getting similar errors (non-stop logging happening). Also Debian 10.
Component: web_js
Level: ERR
Message: inline violated CSP script-src
File: zm/index.php
Line: 1
Component: web_js
Level: ERR
Message: inline violated CSP script-src
File: zm/index.php
Line: 1
Re: inline violated CSP script-src Error after upgrade to 1.34.16
1.36.32
web_js,,14521,ERR,"inline violated CSP script-src-attr",moz-extension,595
web_js,,14521,ERR,"inline violated CSP script-src-attr",moz-extension,595
Re: inline violated CSP script-src Error after upgrade to 1.34.16
You have an extension that is causing this. We do not allow external accesses for security reasons.