search

owncloud / notes

:notebook_with_decorative_cover: Notes app for ownCloud
GNU Affero General Public License v3.0
194 stars 46 forks source link

Content Security Policy blocks app from loading #195

Open strugee opened 8 years ago

strugee commented 8 years ago

When I load the just-installed Notes app on my server, I get the following security error in my console:

Content Security Policy: The page's settings blocked the loading of a resource at self ("script-src https://cloud.strugee.net 'unsafe-eval'").

All I see is a white screen in ownCloud, with the + for "new note" barely visible. I'm running ownCloud 8.2.2 and Notes 2.0.0. ownCloud is sending the following HTTP header with the first response:

content-security-policy: "default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: *;font-src 'self';connect-src 'self';media-src 'self'"
ldonis commented 8 years ago

I have the same issue in my owncloud 9.0 installation and notes app 2.0.1

Henni commented 7 years ago

is this fixed with 2.0.2?

Grotax commented 7 years ago

Just checked it and no still content-security-policy error also only the last created note is loaded

Henni commented 7 years ago

@LukasReschke could this be the same jquery problem as in https://github.com/owncloud/contacts/issues/151 ?