getodk / central

ODK Central is a server that is easy to use, very fast, and stuffed with features that make data collection easier. Contribute and make the world a better place! ✨🗄✨
https://docs.getodk.org/central-intro/
Apache License 2.0

App user QR code violates CSP directive #629

Open matthew-white opened 2 months ago

matthew-white commented 2 months ago

Problem description

When I view an app user QR code in Frontend, I see an error in the browser console in Chrome:

[Report Only] Refused to load the image 'data:image/gif;base64,...' because it violates the following Content Security Policy directive: "img-src *". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.

URL of the page

https://staging.getodk.cloud/#/projects/85/app-users

Steps to reproduce the problem

  1. Navigate to the URL above.
  2. Open the browser console.
  3. Click "See code".

Central version shown in version.txt

versions:
f0b2a90bce34fc13b0df4affd8b3158d57bcf904 (v2023.5.1-5-gf0b2a90)
+2bb17a501416814bbd987ddc953abc5b0c40c58a client (v2023.5.0-43-g2bb17a50)
+267e0ad7806057fc82894f58bea680627f1de5cd server (v2023.5.0-49-g267e0ad7)
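
The matching rule quoted in the console message above, as an added example that is not part of the original issue or of ODK Central's code: a simplified JavaScript model of how an image URL is checked against `img-src`, showing why `*` does not cover the `data:` QR code while an explicit `data:` source does. The page URL, the placeholder data: URI and the function names are assumptions made for the illustration.

```javascript
// Simplified model of CSP source-list matching for image loads.
// Modelled: '*', scheme-sources such as "data:", 'self' and 'none'.
// Not modelled: host-sources, nonces, hashes, redirects.
const NETWORK_SCHEMES = new Set(['http', 'https', 'ws', 'wss']);

// Return the source list that governs images: img-src, else default-src.
function imgSources(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives.get('img-src') ?? directives.get('default-src') ?? null;
}

function imageAllowed(policy, pageUrl, imageUrl) {
  const sources = imgSources(policy);
  if (sources === null) return true; // no governing directive
  const self = new URL(pageUrl);
  const target = new URL(imageUrl);
  const scheme = target.protocol.slice(0, -1); // "data:" -> "data"
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    if (s === '*') {
      // '*' covers network schemes and the page's own scheme only.
      return NETWORK_SCHEMES.has(scheme) || target.protocol === self.protocol;
    }
    if (s === "'self'") return target.origin === self.origin;
    // scheme-source, e.g. "data:" must be listed explicitly
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return s === target.protocol;
    return false;
  });
}

// Constructed inputs: placeholder page URL and placeholder data: URI.
const PAGE = 'https://central.example/';
const QR = 'data:image/gif;base64,R0lGODlhAQABAAAAACw=';

console.log(imageAllowed('img-src *', PAGE, QR));        // weak for this case
console.log(imageAllowed('img-src * data:', PAGE, QR));  // data: listed explicitly
```

Because the console message is tagged [Report Only], the policy is reporting violations rather than enforcing them; listing `data:` under `img-src` only, rather than under `default-src` or `script-src`, keeps the exception limited to images.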