Le 2011-09-25 11:37, Piotr Przybylski a écrit :
2011/9/25 Marc Delisle marc@infomarc.info:
Le 2011-09-25 06:18, Marc Delisle a écrit :
Le 2011-09-24 14:30, Rouslan Placella a écrit :
On Sat, 2011-09-24 at 10:54 -0400, Marc Delisle wrote:
Hi,
In the 3.4 family (QA_3_4) running on my test server, when testing the Designer and clicking on "Show/hide left menu", nothing happens except that my Firefox 6 console complains about a Content Security Policy violation.
On the same server, trying version 3.5 (master) works fine. Both version have in libraries/header_http.inc.php the line that emits a X-Content-Security-Policy header.
In 3.4, if I remove this line, all works fine.
Yes, I can reproduce this, exactly as you have described it. [PHP 5.3.5, Firefox 6.0.2, Ubuntu 11.04]
Rouslan
Thanks. I just noticed that it has been reported in the bug tracker: https://sourceforge.net/tracker/index.php?func=detail&aid=3324161&gr...
A remark in the artifact made me test this bug under IE 8 and there is no problem; it probably does not care about this header.
Piotr, any idea about this issue?
(see commit 612598fe7fbc6c6cf6305a798e9b48b435ea7a91)
Looks like it's caused by CSP specs change: https://bugzilla.mozilla.org/show_bug.cgi?id=631040
Instead of changing our security policy I removed all remaining "javascript:" links in QA_3_4.
Good fix, thanks.