liayn
commented
1 year ago That's not your fault. New feature in 12.3
That needs a fix in mask.
Closed ghost closed 1 year ago
liayn
commented
1 year ago That's not your fault. New feature in 12.3
That needs a fix in mask.
ghost
commented
1 year ago @liayn thanks for hint. can i disable security.backend.enforceContentSecurityPolicy temporary. Hope it's not effect other typo3 12.3 functionality.
nhovratov
commented
1 year ago Yes, CSP is blocking things like new Function('return this'), which is used in VueJs, which I can't control. So there is no other way besides to disable security.backend.enforceContentSecurityPolicy.
liayn
commented
1 year ago Can't we ship a custom CSP rule (yaml or php) to adjust the headers accordingly?
nhovratov
commented
1 year ago @liayn I'm not familiar with this. If you have an idea on how to fix this, could you provide a PR?
liayn
commented
1 year ago Did not try it yet, but I have https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/12.3/Feature-99499-IntroduceContent-Security-PolicyHandling.html#extension-specific in mind
nhovratov
commented
1 year ago Did not try it yet, but I have https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/12.3/Feature-99499-IntroduceContent-Security-PolicyHandling.html#extension-specific in mind
Thanks, I could solve it after learning a bit about CSP. Well, it is solved by allowing unsafe eval executions in the backend. To mitigate it, I would need to convert all remaining Fluid templates to native VueJs Templates. This is out of scope for now.
I ma using typo3 version 12.3.0 and mask 8.0.8. In backend mask module is not showing. see below attachment
I see error in console.
Content Security Policy of your site blocks the use of 'eval' in JavaScriptcan you please help me? where i can wrong?
@nhovratov