Open johnjohndoe opened 7 months ago
Thanks for the report! The good news: the feedback was reported, it seems. This must be related to my last changes (making the feedback visible to the speakers).
The issue seems to stem from the redirect after the submission happened. Chrome will not do that, Firefox will. In both cases the data is recorded.
> Can the form-action redirect to another url?
> This question is currently debated, and as a result browser vendors have different implementations regarding what happens when a form is redirected to a different url.
> Form data can be sent to the redirected url if the HTTP status code is 307 or 308, which makes the redirect potentially sensitive.
> Currently Firefox allows the redirect, while Chrome and Safari will block them.
from https://content-security-policy.com/form-action/
So we should probably also allow https://fosdem.org in form-action.
This was now solved by adding to pretalx.cfg:
csp_form='self',https://fosdem.org
Not yet closing the issue because I did that outside Ansible.
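The redirect behaviour discussed above, as an added example that is not part of the issue thread or of pretalx's code: a simplified `form-action` evaluator that checks each hop of a form submission, showing why a browser that re-checks redirects rejects the hop to fosdem.org until that origin is listed. The host `pretalx.example`, the header strings and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) of a URL, with the default port filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))

def form_action_sources(csp):
    """Source list of form-action, or None when the directive is absent
    (form-action does not fall back to default-src)."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "form-action":
            return parts[1:]
    return None

def source_matches(source, url, document_url):
    """Simplified matching: keywords, scheme-sources and host-sources;
    paths and port wildcards are not handled."""
    keyword = source.lower()
    if keyword in ("'none'", "'self'"):
        return keyword == "'self'" and origin(url) == origin(document_url)
    scheme, host, port = origin(url)
    if source.endswith(":") and "/" not in source:   # scheme-source, e.g. https:
        return scheme == keyword[:-1]
    if "://" not in source:                          # no scheme: use the document's
        source = urlsplit(document_url).scheme + "://" + source
    s_scheme, s_host, s_port = origin(source)
    host_ok = s_host == "*" or host == s_host or (
        s_host.startswith("*.") and host.endswith(s_host[1:]))
    return host_ok and (scheme, port) == (s_scheme, s_port)

def blocked_hop(csp, document_url, chain, check_redirects):
    """First URL in the chain that form-action rejects, else None.
    check_redirects=False checks only the form's initial target."""
    sources = form_action_sources(csp)
    if sources is None:
        return None
    hops = chain if check_redirects else chain[:1]
    for url in hops:
        if not any(source_matches(s, url, document_url) for s in sources):
            return url
    return None

DOC = "https://pretalx.example/feedback/"              # constructed placeholder host
CHAIN = [DOC, "https://fosdem.org/2024/schedule/"]     # POST target, then redirect
BEFORE = "default-src 'self'; form-action 'self'"      # assumed header before the fix
AFTER = "default-src 'self'; form-action 'self' https://fosdem.org"  # assumed, after
```

`blocked_hop(BEFORE, DOC, CHAIN, True)` returns the fosdem.org hop, while the same call with `check_redirects=False` or with `AFTER` returns `None`, matching the split between browsers described in the thread.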
> This must be related to my last changes (making the feedback visible to the speakers).

That was likely not the case, I only tested using Firefox, so probably this was like that from the start.
I tried to give feedback to https://fosdem.org/2024/schedule/event/fosdem-2024-3472-switching-the-fosdem-conference-management-system-to-pretalx/
This fails and the following error message pops up in the browser dev console:
Brave Version 1.62.162 Chromium: 121.0.6167.164 (Official Build) (64-bit)