Closed emilghittasv closed 4 days ago
Status Update: We have re-enabled Wagtail in stage
in order to test the fix for the CSP violations.
Unfortunately we are still seeing CSP violations:
Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'self' https://*.[mozilla.org](http://mozilla.org/) https://*.[webservices.mozgcp.net](http://webservices.mozgcp.net/) https://*.[google-analytics.com](http://google-analytics.com/) https://*.[googletagmanager.com](http://googletagmanager.com/) https://pontoon.mozilla.org/ https://*.[jsdelivr.net](http://jsdelivr.net/) 'unsafe-inline' 'nonce-DDNO07XZxGI+cnNSM/4LJQ=='”
and Uncaught TypeError: window.fileupload_opts is undefined
which prevents document and image uploads.
I can confirm that this issue is verified fixed in stage
.
Moving this ticket inside the release
column.
Steps to reproduce Steps to reproduce the behavior:
Expected behavior No CSP violations.
Actual behavior
Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'self' https://*.mozilla.org https://*.webservices.mozgcp.net https://*.google-analytics.com https://*.googletagmanager.com https://pontoon.mozilla.org/ https://*.jsdelivr.net”
Desktop:
Additional context This issue is reproducible in
stage
only.