creativecommons / cc-resource-archive

Collection of resources on Creative Commons (CC) tools and other open topics
https://resources.creativecommons.org/
MIT License
59 stars 134 forks

Submission form missing #9

Open TimidRobot opened 3 years ago

TimidRobot commented 3 years ago

Description

Submission form is missing

Reproduction

visit http://resources.creativecommons.org/submit/

Additional context

(?) How should the new form be implemented?

manavagr1108 commented 1 year ago

Q: How should the new form be implemented? A: For starters, we can create a normal HTML form with all the following fields, which are required as per resourcetemplate.md.

Ahmed2003Essam commented 1 year ago

I think we can first define the sections that we need this form to include, such as title, type, image, etc. Then, using Bootstrap, we can create a form asking the user to input this information. So, how many sections (labels and input fields) do we need?

Lakshay-Pruthi commented 1 year ago

As the link says (image), a new Google Form can be made and the link can be updated. Alternatively, we can make our own form using Vocabulary components.

Keerthivardhan1 commented 1 year ago

@TimidRobot if I am not mistaken,

  1. Security settings or content security policies may block external content from being embedded using iframes. We have to make sure that your website's security settings are not blocking external content.
  2. The Google Form should be set to "Public".

If the above two are fine but the form is still not working/displaying, the best solution would be creating a new form and connecting it to the website. I would like to work on this issue. Can you please assign this to me?

Please let me know if I am wrong. Thank you.

Keerthivardhan1 commented 1 year ago

Sorry, but @TimidRobot, can you please review this issue: https://github.com/creativecommons/cc-resource-archive/issues/50 I have done a decent amount of work on it. Thanks a lot for your time.

Keerthivardhan1 commented 1 year ago

And more importantly the page https://resources.creativecommons.org/submit/ is producing the following error in the browser console:

submissionerror

About this error: Refused to frame 'https://docs.google.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

This error occurs when the Content Security Policy (CSP) set by the creativecommons website restricts the sources of the iframe. To fix this issue, you'll need to modify the CSP on the website. I think we have to add a CSP header that allows docs.google.com. This will definitely fix this issue. Thanks. I would like to work on this issue. Can you assign this issue to me?

Keerthivardhan1 commented 1 year ago

And these are all the network calls made when a user visits this page (the submit page).

network2

As we can see, the CSP header is specified as: content-security-policy: frame-ancestors 'self'

Meaning

Generally, we add this header to avoid attacks, or it means that the website has a Content Security Policy (CSP) in place that restricts which sources are allowed to frame the website. This restriction can help prevent certain types of attacks, such as clickjacking, by ensuring that the website is only embedded within trusted pages.

Solution

By setting the frame-ancestors directive to 'self', the content security policy will tell the browser to allow the sites in the frame tag that have the same origin as the origin of the Creative Commons website. But here, in this case, the origin of the Creative Commons website and the docs.google.com website are completely different. Because of this we are facing this error.

I would like to work on this issue. Can you please assign this to me, @TimidRobot? Thanks a lot for your time. Please let me know if I am wrong.

Keerthivardhan1 commented 1 year ago

You can typically find the CSP configuration in the HTTP headers of your web server. The CSP header is usually named "Content-Security-Policy" or "Content-Security-Policy-Report-Only". If I am not mistaken, it should be changed to something like this: Content-Security-Policy: frame-ancestors 'self' websiteYouwantToAllow; here https:docs.google.com. Sorry if I am wrong.

Keerthivardhan1 commented 1 year ago

To fix this issue, we have to allow docs.google.com to display its content in the creativecommons website. To do this, instead of content-security-policy: frame-ancestors 'self' we should modify it to Content-Security-Policy: frame-ancestors 'self' websiteYouwantToAllow; here https:docs.google.com. This should be done in the HTTP headers in the web server of this website. Thank you.

Lakshay-Pruthi commented 1 year ago

@Keerthivardhan1 I don't think there is any issue with the CSP of the website, regardless of the error in the console. If you open the link in a separate tab, it clearly states that the form is missing/deleted. If you change the link to any other form link that is currently available, as I did, it works completely fine. (image)
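
Added example, not part of the thread or the project's code: `frame-ancestors` is read from the CSP of the response being framed and checked against the pages that embed it, so the directive quoted in the console error belongs to the framed document. The sketch below is a simplified evaluator of that check; the function names are hypothetical and the URLs and header values are constructed from those quoted in the thread.

```javascript
// Simplified frame-ancestors check (not the full CSP Level 3 algorithm:
// source paths are ignored and ports are only compared when a source gives one).

// Return the frame-ancestors source list from a CSP header, or null if absent.
function parseFrameAncestors(cspHeader) {
  for (const directive of cspHeader.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Does one source expression allow this embedding (ancestor) URL?
function sourceMatches(source, ancestorUrl, framedUrl) {
  const ancestor = new URL(ancestorUrl);
  const framed = new URL(framedUrl);
  if (source === "'none'") return false;
  if (source === "'self'") return ancestor.origin === framed.origin;
  if (source === '*') return /^https?:$/.test(ancestor.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {            // scheme-source
    return ancestor.protocol === source.toLowerCase();
  }
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?/i);
  if (!m) return false;
  const [, scheme, host, port] = m;
  // Without a scheme, the framed resource's scheme applies (https also accepted).
  const okSchemes = scheme ? [scheme.toLowerCase() + ':'] : [framed.protocol, 'https:'];
  if (!okSchemes.includes(ancestor.protocol)) return false;
  const effectivePort = ancestor.port || (ancestor.protocol === 'https:' ? '443' : '80');
  if (port && port !== '*' && port !== effectivePort) return false;
  const h = host.toLowerCase();
  return h.startsWith('*.')
    ? ancestor.hostname.endsWith(h.slice(1))             // subdomains only, not the apex
    : ancestor.hostname === h;
}

// framedCsp: CSP header sent with the framed response.
// ancestors: URLs of every embedding document, parent first (empty if top-level).
function mayBeFramed(framedCsp, framedUrl, ancestors) {
  const sources = parseFrameAncestors(framedCsp);
  if (sources === null) return true;                     // no directive, no restriction
  return ancestors.every(a => sources.some(s => sourceMatches(s, a, framedUrl)));
}

// Constructed inputs based on the URLs and header quoted in the thread.
const SUBMIT_PAGE = 'https://resources.creativecommons.org/submit/';
const FRAMED = 'https://docs.google.com/forms/';
console.log(mayBeFramed("frame-ancestors 'self'", FRAMED, [SUBMIT_PAGE]));
```

The same header on the submit page itself only limits who may embed that page; what the page may load into its own iframes is governed by `frame-src` (falling back to `child-src`, then `default-src`).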

Keerthivardhan1 commented 1 year ago

@Lakshay-Pruthi Thanks for clarifying my idea.

asrvd commented 1 year ago

I don't think using Google Forms as a mediator is a good idea. We should implement the form ourselves, as it gives us more control over the data, but implementing that would also require us to have our own backend and a way to organize the submitted data like Google Forms.