You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a issue with Content Security Policy set in ownnote application that at least happens in Firefox 59 (Nightly) browser.
By default when I try to open edit form for some note CSP (through dev tools) looks like this default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-enFqb0M3QjdsYnlqWFdxVGY2cDJPUEdZbGxCNlVaMm5Oc3pBdW9INmtvbz06aCtXYmF0cyt3UHYxTDFLOEc4c1NDb2VwOFNBNWFONldXWUdZNnVpTzBNQT0=' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
So there is a lot of error messages in browser console like this. Content Security Policy: The page’s settings blocked the loading of a resource at https://[server name]/nextcloud/apps/ownnote/js/tinymce/plugins/autoresize/plugin.min.js (“script-src 'nonce-Mlp3OFBpQk12YzhobVpXV1FlOXRmc0pkb0VpMEF4SElmWFRERkNlVGR1ND06a05GUFgwc0o2SWgzNjYyNUpZNEpUTFJzeHpqM09sTDVFam1iUkU3bk5LUT0=' 'unsafe-eval'”).
And edit form/controls/UI not loaded/empty
I have found a workaround that if to change browsers useragent string to for example this one Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.2.2 Waterfox/55.2.2
then nonce parameter dissapears from the CSP default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
and notes opens in edit mode correctly.
The text was updated successfully, but these errors were encountered:
Hello.
There is a issue with Content Security Policy set in ownnote application that at least happens in Firefox 59 (Nightly) browser.
By default when I try to open edit form for some note CSP (through dev tools) looks like this
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-enFqb0M3QjdsYnlqWFdxVGY2cDJPUEdZbGxCNlVaMm5Oc3pBdW9INmtvbz06aCtXYmF0cyt3UHYxTDFLOEc4c1NDb2VwOFNBNWFONldXWUdZNnVpTzBNQT0=' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'So there is a lot of error messages in browser console like this.
Content Security Policy: The page’s settings blocked the loading of a resource at https://[server name]/nextcloud/apps/ownnote/js/tinymce/plugins/autoresize/plugin.min.js (“script-src 'nonce-Mlp3OFBpQk12YzhobVpXV1FlOXRmc0pkb0VpMEF4SElmWFRERkNlVGR1ND06a05GUFgwc0o2SWgzNjYyNUpZNEpUTFJzeHpqM09sTDVFam1iUkU3bk5LUT0=' 'unsafe-eval'”).And edit form/controls/UI not loaded/empty
I have found a workaround that if to change browsers useragent string to for example this one
Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.2.2 Waterfox/55.2.2then nonce parameter dissapears from the CSP
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'and notes opens in edit mode correctly.
The text was updated successfully, but these errors were encountered: