alfio-event / alf.io

alf.io - The open source ticket reservation system for conferences, trade shows, workshops, meetups
https://alf.io
GNU General Public License v3.0

Impossible to log in: recaptcha refused to load the script #783

Closed icougil closed 4 years ago

icougil commented 5 years ago

Describe the bug

It is impossible to log into alf.io admin console when you have recaptcha activated.

To Reproduce

Steps to reproduce the behavior:

  1. Go to http://yoursite/admin
  2. You will not see the captcha and in your browser console you will see an error like the next one: Refused to load the script 'https://www.gstatic.com/recaptcha/releases/xxxxxxxx/recaptcha__xxxx.js' because it violates the following Content Security Policy directive: "script-src 'self' https://js.stripe.com/ https://api.stripe.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/api2/ https://maps.googleapis.com/ https://connect.facebook.net/ https://www.facebook.com/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Expected behavior

See the recaptcha & login button appear

Additional context

alf.io version: 1.x-maintenance

Btw, I've been having a look and with this simple change I think it could be solved. I can prepare a PR if you think it could be integrated in the current 1.x maintenance branch ;-)

Best,

icougil commented 4 years ago

Hi @cbellone

Did you have time to review that issue? I think that the main problem is only the URL of the Content-Security-Policy. Removing the /api2 should solve the issue.

Best,
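Why the reported policy blocks the script and why dropping /api2 allows it, as an added example that is not part of the original thread or alf.io code: a simplified model of CSP host-source path matching. The function names and `FIXED_SOURCES` are assumptions made for illustration; wildcards, 'self' and redirects are not modelled.

```javascript
// Added example, not alf.io code. Simplified CSP host-source matching.

// Host sources from the script-src directive quoted in the console error
// ('self' omitted: the gstatic.com request is cross-origin).
const REPORTED_SOURCES = [
  "https://js.stripe.com/",
  "https://api.stripe.com/",
  "https://www.google-analytics.com/",
  "https://ssl.google-analytics.com/",
  "https://www.google.com/recaptcha/api.js",
  "https://www.gstatic.com/recaptcha/api2/",
  "https://maps.googleapis.com/",
  "https://connect.facebook.net/",
  "https://www.facebook.com/",
];

// Assumption: the list after "removing the /api2" as suggested in the thread.
const FIXED_SOURCES = REPORTED_SOURCES.map((s) =>
  s === "https://www.gstatic.com/recaptcha/api2/" ? "https://www.gstatic.com/recaptcha/" : s
);

// URL from the error message; the xxxx parts are the issue's own placeholders.
const BLOCKED_URL =
  "https://www.gstatic.com/recaptcha/releases/xxxxxxxx/recaptcha__xxxx.js";

// CSP path rule: a source path ending in "/" matches as a prefix;
// any other path must equal the request path exactly.
function pathMatches(sourcePath, requestPath) {
  return sourcePath.endsWith("/")
    ? requestPath.startsWith(sourcePath)
    : requestPath === sourcePath;
}

// Scheme and host (including port) must be equal before the path is compared.
function sourceAllows(sourceExpr, requestUrl) {
  const src = new URL(sourceExpr), req = new URL(requestUrl);
  return src.protocol === req.protocol && src.host === req.host &&
    pathMatches(src.pathname, req.pathname);
}

// Returns the first source expression that allows the URL, or null if blocked.
function matchingSource(sources, requestUrl) {
  return sources.find((s) => sourceAllows(s, requestUrl)) ?? null;
}

console.log("reported policy:", matchingSource(REPORTED_SOURCES, BLOCKED_URL));
console.log("without /api2:  ", matchingSource(FIXED_SOURCES, BLOCKED_URL));
```

The same path rule is why `https://www.google.com/recaptcha/api.js`, listed without a trailing slash, only ever allows that one file.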

cbellone commented 4 years ago

Hi @cougil , thanks for the report.

I have applied your suggestion to the 2.0-M1-maintenance branch, as the 1.x-maintenance is EOL. As soon as my PR is merged, we'll release a new version of 2.0-M1.

I would suggest that you switch your instance to the current stable branch.

Thanks,
Celestino

icougil commented 4 years ago

Hi @cbellone

Thank you very much. Oh, didn't know that the 1.x.x branch is EOL. A question btw, if we switch our instance to the 2.0-M1 version, will the current setup of the system continue working?

Best,

cbellone commented 4 years ago

It depends on the modifications that you've made on your fork.

Migrating a "vanilla" 1.x alf.io to 2.0-M1 is safe. We have migrated dozens of instances managed by @swicket without any problems.

If your fork contains database modifications, I would suggest that you give it a try locally using a database backup first.

icougil commented 4 years ago

Ok, thank you very much! We didn't change our database, so I think it will be safe to migrate to 2.0-M1.

Best,

cbellone commented 4 years ago

Please wait until the fix has been merged :)

EDIT: see https://github.com/alfio-event/alf.io/pull/811

icougil commented 4 years ago

wops! sorry! 😛