Page 1 of 1
inline violated CSP script-src Error after upgrade to 1.34.16
Posted: Thu Jul 09, 2020 6:50 am
by gruiarew
Hi,
I recently upgraded to 1.34.16, directly from repo (apt-get on Debian 10). I'm seeing in the logs all the time: "inline violated CSP script-src". How can I get more info on what is this? Don't know where to look at. Sorry!
Re: inline violated CSP script-src Error after upgrade to 1.34.16
Posted: Thu Jul 09, 2020 8:16 pm
by iconnor
It means that somewhere we have something like onclick="do_something". This is old style way of doing things and is no longer considered secure. I am slowly finding and fixing them. They aren't really anything to worry about right now. They shouldn't be happening too often though.
I know I just found a bunch in the zone editing code and I will have them fixed for 1.34.17.
Re: inline violated CSP script-src Error after upgrade to 1.34.16
Posted: Fri Jul 10, 2020 9:42 am
by gruiarew
Thank you!
Re: inline violated CSP script-src Error after upgrade to 1.34.16
Posted: Sun May 02, 2021 4:17 pm
by SkippyDo
Upgraded to 1.34.25 and am now (first time ever) getting similar errors (non-stop logging happening). Also Debian 10.
Component: web_js
Level: ERR
Message: inline violated CSP script-src
File: zm/index.php
Line: 1
Re: inline violated CSP script-src Error after upgrade to 1.34.16
Posted: Fri Mar 10, 2023 2:28 pm
by ZMfan
1.36.32
web_js,,14521,ERR,"inline violated CSP script-src-attr",moz-extension,595
Re: inline violated CSP script-src Error after upgrade to 1.34.16
Posted: Fri Mar 10, 2023 4:23 pm
by iconnor
You have an extension that is causing this. We do not allow external accesses for security reasons.