Erudika / scoold-pro

Cloud-ready Q&A platform for the enterprise (self-hosted, on premise)
https://scoold.com

CSP violation: cannot login with MS Edge #33

Closed b-morgenthaler closed 4 years ago

b-morgenthaler commented 4 years ago

Hi,

Since version 1.37.1 of Scoold Pro, it's not possible to log in with MS Edge (44.17763.831.0) because of a CSP violation. Previous versions worked fine. CSP violation e-mails get sent (26x) with the following content. If you need the real URLs/hostnames, just let me know. I will forward the original e-mail to you privately.

In the log file there's no output regarding this issue (didn't enable debug log, though).

[Image: Anmerkung 2020-03-27 115619]

[Image: Anmerkung 2020-03-27 120000]

albogdano commented 4 years ago

I am aware of that. Unfortunately Scoold won't support Edge prior to version 80. The old Edge is now considered obsolete. The workaround here is to disable the CSP completely with para.csp_header_enabled = false.

b-morgenthaler commented 4 years ago

Ok. I think I missed the part where older Edge versions are not supported. Do you have a link where the supported browsers are listed?

albogdano commented 4 years ago

Yes, here's the list of supported browsers implementing CSP3: https://caniuse.com/#feat=mdn-http_headers_csp_content-security-policy_strict-dynamic

albogdano commented 4 years ago

Fixed by changing the CSP header slightly.
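As background to the `strict-dynamic` support list linked above, here is an added example (not Scoold's code, and not a statement of what the actual fix was) that models how a browser without `strict-dynamic` support and a CSP3 browser evaluate the same external script against a nonce-based policy. The policies, nonce placeholder, URLs and function names are constructed for illustration, and the matcher is deliberately simplified to scheme and exact-origin sources.

```javascript
// Simplified model of script-src checks for EXTERNAL scripts only.
// Not a full CSP parser: no 'self', wildcards, paths or hashes.
function parseScriptSrc(header) {
  const directive = header.split(';').map(d => d.trim())
    .find(d => d.startsWith('script-src '));
  return directive ? directive.split(/\s+/).slice(1) : [];
}

// level 2 = browser that ignores 'strict-dynamic'; level 3 = CSP3 browser.
// script = { src, nonce, parserInserted }
function scriptAllowed(header, script, level) {
  const sources = parseScriptSrc(header);
  const nonces = sources.filter(s => s.startsWith("'nonce-"))
    .map(s => s.slice(7, -1));
  if (script.nonce && nonces.includes(script.nonce)) return true;
  if (level >= 3 && sources.includes("'strict-dynamic'")) {
    // CSP3: host/scheme sources are ignored; trust propagates only to
    // scripts inserted by already-trusted script (not parser-inserted).
    return !script.parserInserted;
  }
  // Older browser: unknown keyword is skipped, URL must match a source.
  const url = new URL(script.src);
  return sources.some(s => s === url.protocol || s === url.origin);
}

// Constructed sample policies (nonce value is a placeholder).
const STRICT = "default-src 'self'; script-src 'nonce-PLACEHOLDER' 'strict-dynamic'";
const FALLBACK = STRICT + " https:";

// Constructed sample scripts.
const loaderAdded = { src: 'https://cdn.example/widget.js', nonce: null, parserInserted: false };
const injectedTag = { src: 'https://evil.example/x.js', nonce: null, parserInserted: true };

function compare() {
  const row = (policy, script) =>
    ({ csp2: scriptAllowed(policy, script, 2), csp3: scriptAllowed(policy, script, 3) });
  return {
    strictLoader: row(STRICT, loaderAdded),     // breaks only in the old browser
    fallbackLoader: row(FALLBACK, loaderAdded), // works in both
    fallbackInjected: row(FALLBACK, injectedTag) // old browser is less protected
  };
}

console.log(JSON.stringify(compare(), null, 2));
```

The last row shows the trade-off of a scheme fallback: it restores functionality in browsers that ignore `strict-dynamic`, but in those browsers an injected script tag pointing at any HTTPS origin is no longer blocked.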