Closed tanujatbrightfind closed 3 years ago
Version 1.0.3
Can you check the console for errors? The content security policy may be blocking something as 403's can be created when the csp blocks the request that generates the diff.
Thanks for your response David. Please see attached screenshot. I can add content security policy to web.config, Can you help me with right sources needed for the addon to work in DXP?
Current value:
<add name="Content-Security-Policy" value="default-src 'self' ws: wss: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://www.facebook.com *.episerver.net *.bing.com *.virtualearth.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.episerver.net *.bing.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; connect-src 'self' https://dc.services.visualstudio.com ws: wss: *.bing.com *.virtualearth.net; img-src 'self' data: http: https:; child-src 'self' http://player.vimeo.com https://www.youtube.com" />
Attn @davidknipe
Firewall error detail from cloudflare resulting in 403:
{ "key": "group", "value": "cloudflare_specials" }, { "key": "rule_message", "value": "XSS, HTML Injection - Script Tag" } Attn @davidknipe
Thanks for the info, I will look into it. From memory it posts the html of each version to get the red/green comparison back. Sounds like Cloudflare inspects the request and sees it as potential script injection. Will try to recreate and see if there is a work around.
Pretty sure it's been blocked because of this line:
It posts two sets of HTML to a server side controller method for the comparison version to be generated. So can you try replacing
https://gist.github.com/davidknipe/bb9467a9bf51d6db785ec2699948c6c1
If it works then I will get update and push a new version out.
Hey @tanujatbrightfind did you manage to try the fix above?
Hi @davidknipe I tried testing using updated gist on DXP. I am seeing still seeing the same 403 output.
Hey @tanujatbrightfind can you try again (have updated the gist). I am guessing that perhaps your source code had Githubissues.
When trying to load Visual Compare add-on on DXP environment. It throws a "403" error in console. and screen keeps spinning.
Attn: @davidknipe