CADViewer / NextCloud

CAD viewing, markup and collaboration on NextCloud for AutoCAD, MicroStation and advanced raster graphics.
GNU Affero General Public License v3.0

Issues in Nextcloud 25.0.4 #23

Closed s-rosenfeld closed 1 year ago

s-rosenfeld commented 1 year ago

Found issues: 1) No background in the Files app on my Nextcloud 25.0.4 after activating CADViewer. 2) CADViewer doesn't work; the console contains the following messages:

Is it possible to fix it? PLEASE :)

Screenshot_20230303_095527

Romankornfeld commented 1 year ago

same here.

To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings. If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive. ⚠️ Allowing string evaluation comes at the risk of inline script injection.

cadviewer_8.40.2.min.js:2 | script-src | blockiert

s-rosenfeld commented 1 year ago

> same here.
>
> To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings. If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive. ⚠️ Allowing string evaluation comes at the risk of inline script injection.
>
> cadviewer_8.40.2.min.js:2 | script-src | blockiert

Where and how to do it? All my experiments with the Apache config directive "Header set Content-Security-Policy ..." failed :(

CADViewer commented 1 year ago

@Romankornfeld, @s-rosenfeld, cadviewer_8.40.2 is our main class for visualizing content, we need to run through this class on source code level and rewrite any occurrences of the specific methods listed above. @s-rosenfeld, can you show the content of the info console up to the error? You have CADViewer opening in screenshot above, and we would like to see the info-trace up to where the error occurs. Thanks!

s-rosenfeld commented 1 year ago

> @Romankornfeld, @s-rosenfeld, cadviewer_8.40.2 is our main class for visualizing content, we need to run through this class on source code level and rewrite any occurrences of the specific methods listed above. @s-rosenfeld, can you show the content of the info console up to the error? You have CADViewer opening in screenshot above, and we would like to see the info-trace up to where the error occurs. Thanks!

This is log after click on simple dwg file. Console log levels: Info & Errors

cloud.rt-work.com-1677834831479.log

s-rosenfeld commented 1 year ago

> @Romankornfeld, @s-rosenfeld, cadviewer_8.40.2 is our main class for visualizing content, we need to run through this class on source code level and rewrite any occurrences of the specific methods listed above. @s-rosenfeld, can you show the content of the info console up to the error? You have CADViewer opening in screenshot above, and we would like to see the info-trace up to where the error occurs. Thanks!
>
> This is log after click on simple dwg file. Console log levels: Info & Errors
>
> cloud.rt-work.com-1677834831479.log

ping

CADViewer commented 1 year ago

@s-rosenfeld, hello. So we have installed 25.0.4 on two servers, and CADViewer works fine in the base version. The issue is the CSP you have in place. You have moved data to root level, but we don't get to the point where we can test implications of that yet. We are looking to: 1) emulate the CSP, 2) add a script source directive to overwrite on the component, and 3) update the code for injections. Can we use your help for testing? Please let us know; write to: developer@tailormade.com

CADViewer commented 1 year ago

CSP issue is solved in version CADViewer v8.59.19