5-Software-Systems / e-portfolio

The project for COMP30022 is to develop a personal ePortfolio system. The ePortfolio system must be capable of allowing you to submit individual guest lecture reports and end-of-subject individual reflections that are requirements in COMP30022, as well as a team report. You will be assigned a client in addition, specifically a Masters student (or group of Masters students) studying SWEN90016. The Masters students will be assigned in Week 3 of the semester.

build issues #161

Closed fraser-langton-student closed 4 years ago

fraser-langton-student commented 4 years ago

Build is rendering a blank page on master; the Chrome console says:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-PK0+oytTbAxJr7VkjNUTdksxXhVyVzLKR6UrHreRNAA='), or a nonce ('nonce-...') is required to enable inline execution.

@NDoolan360 @fwongkwok @calvinsagar

fraser-langton-student commented 4 years ago

https://stackoverflow.com/questions/58679165/problem-chrome-content-security-policy-react-extension-manifest

NDoolan360 commented 4 years ago

Closed by commit a15afbd. In essence, because the front-end JavaScript uses inline scripting (i.e. onClick={() => {do_something();}}), we were blocking our own scripts from rendering. I have resolved it by removing the content-security policy that disables inline scripting; however, this exposes the site to XSS attacks. Could fix in the future by removing our inline scripts and then re-enabling script-src 'self' in the CSP meta tag in index.
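
Added example, not part of the thread or the project's code: the Chrome message quoted in the issue names a hash as one way to permit a specific inline script, so this Node.js sketch keeps `script-src 'self'` and adds a `sha256-` source for each inline `<script>` found in a built page. The function names and the sample HTML are constructed for illustration, and the handler scan is a regex heuristic rather than a full HTML parse.

```javascript
// Added example: derive a script-src value that keeps 'self' and allows only
// the inline <script> blocks actually present in a built HTML file.
const { createHash } = require('node:crypto');

// CSP hash source: base64(SHA-256(exact text between the script tags)).
function cspHash(scriptText) {
  const digest = createHash('sha256').update(scriptText, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Hash every <script> element without a src attribute. External scripts are
// already covered by 'self' and are skipped.
function inlineScriptHashes(html) {
  const hashes = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(re)) {
    if (/\bsrc\s*=/i.test(attrs)) continue;
    hashes.push(cspHash(body));
  }
  return [...new Set(hashes)]; // de-duplicate identical inline blocks
}

// Heuristic: report the first on*="..." attribute of each tag. Script-element
// hashes do not cover these, so they need to move into bundled code.
function inlineHandlers(html) {
  const re = /<[a-z][^>]*?\s(on[a-z]+)\s*=/gi;
  return [...html.matchAll(re)].map((m) => m[1].toLowerCase());
}

function buildScriptSrc(html) {
  return ['script-src', "'self'", ...inlineScriptHashes(html)].join(' ');
}

// Constructed sample standing in for a built index.html.
const SAMPLE_HTML = `<!doctype html>
<html><head><title>demo</title></head>
<body>
<div id="root" onclick="legacy()"></div>
<script>window.__BOOT__ = {ready: true};</script>
<script src="/static/js/main.js"></script>
</body></html>`;

console.log(buildScriptSrc(SAMPLE_HTML));
console.log('inline handlers to refactor:', inlineHandlers(SAMPLE_HTML));
```

The hash has to be regenerated whenever the inline script text changes, because any byte difference produces a different digest and the browser will block the script again.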