Closed dankocolNPS closed 2 years ago
Hi. We are aware of this limitation. There are a couple workarounds documented here: https://www.ssa.gov/accessibility/andi/help/faq.html#wontLaunch
Thank you for the quick reply-
Unfortunately the workarounds are also not available the web extension for "Disable Content-Security-Policy extension" is blocked in all browsers as an available extension via DOI policy, also, due to CSP policy you cannot run locally. I suspect most other Federal agencies are seeing similar issues. At this point however DOI has approved the "Wave" tool as an available extension so we will likely switch to using that.
Thanks again.
From: John Cotter @.> Sent: Thursday, May 19, 2022 9:18 AM To: SSAgov/ANDI @.> Cc: Kocol, Dan J @.>; Author @.> Subject: [EXTERNAL] Re: [SSAgov/ANDI] Due to CSP polices ANDI no longer works for checking most websites (Issue #137)
This email has been received from outside of DOI - Use caution before clicking on links, opening attachments, or responding.
Hi. We are aware of this limitation. There are a couple workarounds documented here: https://www.ssa.gov/accessibility/andi/help/faq.html#wontLaunchhttps://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ssa.gov%2Faccessibility%2Fandi%2Fhelp%2Ffaq.html%23wontLaunch&data=05%7C01%7Cdan_kocol%40contractor.nps.gov%7C3c518ccf021a40ca01cc08da39aace4f%7C0693b5ba4b184d7b9341f32f400a5494%7C0%7C0%7C637885703460757514%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=fjsaphHFgPopcugFKftrONFs23fZsmDvKnSYdmdy1S0%3D&reserved=0
- Reply to this email directly, view it on GitHubhttps://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSSAgov%2FANDI%2Fissues%2F137%23issuecomment-1131858566&data=05%7C01%7Cdan_kocol%40contractor.nps.gov%7C3c518ccf021a40ca01cc08da39aace4f%7C0693b5ba4b184d7b9341f32f400a5494%7C0%7C0%7C637885703460757514%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jSyT6044QVWk%2B%2BXrFM0NkGkQfXUuK0S%2F7pk1VRtVXu0%3D&reserved=0, or unsubscribehttps://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAJTBCNAEHV74NXTXC7P2EETVKZLTPANCNFSM5WMRS64A&data=05%7C01%7Cdan_kocol%40contractor.nps.gov%7C3c518ccf021a40ca01cc08da39aace4f%7C0693b5ba4b184d7b9341f32f400a5494%7C0%7C0%7C637885703460757514%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=JcJcNXflSDg8XxTQNSO232FXugRDKYGAmVuPn7OdGgM%3D&reserved=0. You are receiving this because you authored the thread.Message ID: @.**@.>>
Refused to load the script 'https://www.ssa.gov/accessibility/andi/andi.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .arcgis.com localhost .embedly.com .youtube.com .ytimg.com .twitter.com .twimg.com .googletagmanager.com .google-analytics.com .github.com https://cdn.jsdelivr.net/npm/@arcgis/ .adobedtm.com .cookielaw.org .doubleclick.net .everestjs.net .onetrust.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Is there a strategy to address , possibly create an extension?