TUfast-TUD / TUfast_TUD

Browser Extension for higher productivity with TU Dresden IT-Services 🚀
https://www.tu-fast.de
GNU General Public License v3.0

[BUG]: Authentifizierung fehlgeschlagen! Kein gültiger Token verfügbar. #155

Open ch3fc00k opened 2 weeks ago

ch3fc00k commented 2 weeks ago

What is the bug? Explain what the bug is. Be as precise as possible. We should be able to reproduce the bug based on your explanation.

Chrome Console Error: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src-elem 'nonce-_c11d832fe1e69377b818c54eca5def62'". Either the 'unsafe-inline' keyword, a hash ('sha256-FwBJ4xNQDeCjsM4q01E/8NcnhbrIQ736ZPz34ysXdcw='), or a nonce ('nonce-...') is required to enable inline execution.

This error occurs instantaneously after submitting the default TULogIn data {username} and {password}. I have no chance of submitting my 2FA Token manually, because the request is skipped.

Screenshots

Opal Error

What system are you running?

Browser: Chrome

TUfast Version: 8.1.1.0

Anything else that is important?

No idea if this is "important": I tried

- reinstalling the AddOn (TUfast),
- refreshing my LogIn Data and the Base32 encoded Token,
- renewing the whole 2FA Token,

and I'm already out of ideas.

OliEfr commented 2 weeks ago

Thanks for submitting the issue.

I assume you save your ZIH Login in TUfast, and set up 2FA as described here (please check): https://github.com/TUfast-TUD/TUfast_TUD/blob/main/docs%2F2FA.md

Then, when you visit the zih-login page the error you described above occurs. Correct?

Since when do you have the problem?

ch3fc00k commented 2 weeks ago

Yes, 2FA was set up exactly like in the description. Correct. Since today.

It can't be a Token Problem, because I have no LogIn issues on my laptop.

OliEfr commented 2 weeks ago

Hi @C0ntroller, do you have an idea?

ch3fc00k commented 2 weeks ago

@OliEfr it seems like the issue resolved itself. As I tried to log in this morning, I got through just like any other time.

C0ntroller commented 2 weeks ago

> Hi @C0ntroller, do you have an idea?

Nope, never seen that.

> Chrome Console Error: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src-elem 'nonce-_c11d832fe1e69377b818c54eca5def62'". Either the 'unsafe-inline' keyword, a hash ('sha256-FwBJ4xNQDeCjsM4q01E/8NcnhbrIQ736ZPz34ysXdcw='), or a nonce ('nonce-...') is required to enable inline execution.

This could be anything from a bad configuration of the TU guys to any browser add-on you have installed (adblocker, privacy stuff). Do you see this message on other sites too (especially some with a restrictive Content-Security-Policy, like logins)?

> This error occurs instantaneously after submitting the default TULogIn data {username} and {password}. I have no chance of submitting my 2FA Token manually, because the request is skipped.

In this case I would strongly think TUfast is not the culprit. Because the script only runs after the site is loaded (else we would run into problems of non-existent inputs or buttons), you should always see the sites at least for a short time.

Also the error itself sounds more like some backend stuff, but as I never saw it before, I can't say that for sure.
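
The decision behind the console message quoted in this thread, as an added example that is not part of the issue or of TUfast's code: a simplified Node.js model of how a browser checks one inline `<script>` against a single Content-Security-Policy. The helper names (`parseCsp`, `inlineHash`, `checkInlineScript`) and the sample script texts are assumptions made for illustration; only the directive string comes from the error above.

```javascript
// Added example (not TUfast code). Node.js; the script texts used with it are constructed.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto'); // fallback when run as an ES module

// Directive quoted in the console error on this page.
const REPORTED_POLICY = "script-src-elem 'nonce-_c11d832fe1e69377b818c54eca5def62'";

// Parse a Content-Security-Policy value into { directive: [source, ...] }.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || '').toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Hash source a browser computes for an inline script body.
function inlineHash(scriptText) {
  const digest = nodeCrypto.createHash('sha256').update(scriptText, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Would an inline <script nonce="nonceAttr">scriptText</script> be allowed to run?
function checkInlineScript(header, scriptText, nonceAttr = '') {
  const policy = parseCsp(header);
  // <script> elements fall back script-src-elem -> script-src -> default-src.
  const directive = ['script-src-elem', 'script-src', 'default-src'].find((d) => d in policy);
  if (!directive) return { allowed: true, directive: null, reason: 'no script directive' };
  const sources = policy[directive];
  const verdict = (allowed, reason) => ({ allowed, directive, reason });
  if (nonceAttr && sources.includes(`'nonce-${nonceAttr}'`)) return verdict(true, 'nonce');
  if (sources.includes(inlineHash(scriptText))) return verdict(true, 'hash');
  // 'unsafe-inline' is ignored once a nonce, hash or 'strict-dynamic' is listed.
  const strict = sources.some((s) => /^'(nonce-|sha(256|384|512)-|strict-dynamic'$)/i.test(s));
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  if (!strict && unsafeInline) return verdict(true, 'unsafe-inline');
  return verdict(false, 'blocked');
}
```

The `sha256-...` value Chrome prints in the error is the hash of the script it refused, so comparing it with `inlineHash()` of a candidate script's exact text shows which inline script was blocked, whether it came from the page itself or was injected by an add-on.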