microsoft / vsts-extension-multivalue-control

A work item form control which allows selection of multiple values.
MIT License
47 stars 45 forks

Content Security Policy Errors #146

Open lfscoelho opened 4 years ago

lfscoelho commented 4 years ago

Hi, after installing the latest version of the extension in Azure DevOps Server 2019 Update 1.1, I noticed that I was getting some errors related to Content Security Policies.

I am far from being an expert in CSP, but after reading a lot of material, I believe that the multivalue control tries to inject some scripts and fonts on the client when rendering the work item page containing the multivalue control.

My understanding is that ms-devlabs needs to whitelist everything being injected on the client by this plugin, so the browser would trust it and not display all the errors.

CSP Error

Can I get some feedback on this?

awojtas commented 1 year ago

This would explain why sometimes the font appears incorrect. I've noticed this happens more for our remote users. Good luck getting support on it though - I've tried messaging Azure DevOps on Twitter as the developer here doesn't seem to respond.