archlinux / arch-security-tracker

Arch Linux Security Tracker
https://security.archlinux.org
MIT License
123 stars 40 forks source link

HTTP 400 page shows CORS issue #202

Closed jelly closed 2 years ago

jelly commented 2 years ago

On HTTP 400:

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

anthraxx commented 2 years ago

fixed via 2e5ab7009d2ee4ebdbabd5e65a669eae9e39ed46