Open TimidRobot opened 3 years ago
Q: How should the new form be implemented? A: For starter we can create a normal HTML form with all the following fields which are required as per resourcetemplate.md.
I think we can first define the sections that we need this form to include such as title, type, image, etc. Then using Bootstrap, we can create a form asking the user to input this information So, How many sections (labels and input fields) do we need?
As the link says a new google form can be made and link can be updated. Alternatively, we can make our own form using Vocabulary components.
@TimidRobot if Iam not mistaken,
If above two are perfect but even though the form is not working/displaying the best solution would be creating new form and connecting it to the website. I would like to work on this issue. can you please assign this to me.
please let me know if Iam wrong. Thank you.
sorry but , @TimidRobot can you please review this issue https://github.com/creativecommons/cc-resource-archive/issues/50 I had done decent amount of work on it. thanks a lot for your time.
And more importantly the page https://resources.creativecommons.org/submit/ is producing the following error in the browser console:
about this error: - Refused to frame 'https://docs.google.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
this error occurs when the Content Security Policy (CSP) set by the creativecommons website restricts the sources of the iframe. To fix this issue, you'll need to modify the CSP on the website. I think we have to add csv header that allows docs.google.com. this will definitely fix this issue. Thanks I would like to work on this issue. can you assign this issue to me.
And this are all the network calls made when a user visits this page (submit page ).
as we can see that the csp header is specified as ----->= content-security-policy: frame-ancestors 'self'
generally, we add this header to avoid attacks or it means that the website has a Content Security Policy (CSP) in place that restricts which sources are allowed to frame the website. This restriction can help prevent certain types of attacks, such as clickjacking, by ensuring that the website is only embedded within trusted pages.
By setting the frame-ancestors directive to 'self', the content security policy will tell the browser that allow the sites in frame tag that as same origin as the origin of the creative commons website. But Hear in this case the origin of the creative common website and doc.google.com website is completely different. Because of this we are facing this error.
I would like to work on this issue can you please assign this to me. @TimidRobot Thanks a lot for your time. please let me know if Iam Wrong.
you can typically find the CSP configuration in the HTTP headers of your web server. The CSP header is usually named "Content-Security-Policy" or "Content-Security-Policy-Report-Only". If Iam not mistaken it should be changed something like this. Content-Security-Policy: frame-ancestors 'self' websiteYouwantToAllow; hear https:docs.google.com sorry if Iam wrong.
To fix this issue we have to allow the docs.google.com to display its content in creativecommons website to do this. instead of this content-security-policy: frame-ancestors 'self' we should modify it to Content-Security-Policy: frame-ancestors 'self' websiteYouwantToAllow; hear https:docs.google.com this should be done in HTTP headers in web server of this website. thank you
@Keerthivardhan1 I don't think there is any issue with the CSP of the website regardless of the error in the console. If you open the link in a separate tab. It clearly states that the form is missing/deleted. If you change the link to any other form link that is currently available as I did, it works completely fine.
@Lakshay-Pruthi Thanks for clarifying my idea.
I don't think using google forms as a mediator is a good idea, we should implement the form ourselves as it gives us more control over the data, but implementing that would also require us to have our own backend and a way to organize the submitted data like google forms.
Description
Submission form is missing
Reproduction
visit http://resources.creativecommons.org/submit/
Additional context
(?) How should the new form be implemented?