Project

General

Profile

Actions
Copy link

Bug #26358

open

CSP violation in archive management related to the status tab

Added by Clark ANDRIANASOLO 9 days ago. Updated 4 days ago.

Status:
New
Priority:
2
Assignee:
Clark ANDRIANASOLO
Category:
-
Target version:
8.2.5
Pull Request:
Severity:
Trivial - no functional impact | cosmetic
UX impact:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Medium
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

We have a Content Security Policy violation, probably introduced by #25733 :

It causes an error in the browser console, but seem to cause no change in behavior, the Status tab and the Archives page work just fine.

This may be due to the the async loading of the Status tab, which prevent the same nonce to be reused on the same page, it may be not so trivial to solve since we use an Actor system with its own lifecycle, and that the nonce is generated under a RequestVar :

Files

Download all files
Screenshot from 2025-02-14 15-07-25.png (25.7 KB) Screenshot from 2025-02-14 15-07-25.png Clark ANDRIANASOLO, 2025-02-14 15:19
clipboard-202502141520-nqtl0.png (51.8 KB) clipboard-202502141520-nqtl0.png Clark ANDRIANASOLO, 2025-02-14 15:20

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #25733: Add timezone and refresh seconds in deployment statusReleasedRaphael GAUTHIERActions
Actions
Copy link
 #1

Updated by Clark ANDRIANASOLO 9 days ago

  • Priority changed from N/A to To review
Actions
Copy link
 #2

Updated by Clark ANDRIANASOLO 9 days ago

  • Related to Bug #25733: Add timezone and refresh seconds in deployment status added
Actions
Copy link
 #3

Updated by Alexis Mousset 4 days ago

  • Priority changed from To review to 2
Actions
Copy link

Also available in: Atom PDF