Internal server error on validation page + CSP error

[bnjbvr]

Hi! Thanks for doing mysteryshack. I was trying to use it on my server, installed it behind a Nginx proxy, set up the proxy headers, and then tried to use it with Laverna.

When I enter my email identifier and then click Connect (in Laverna), I get to the redirection page from Mysteryshack, and I seem to hit two errors:

• nothing appears on screen. In the server logs, I see the following:

Server error: IronError { error: RenderError(RenderError { desc: "Helper not defined: \"block\"", template_name: Some("layout"), line_no: Some(8), column_no: Some(13) }), response: HTTP/1.1 500 Internal Server Error
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self';frame-ancestors 'none'
 }

• the client (browser developers console) logs show the following:

Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://url”). Source: 
            html { display: none; }
   ....  dashboard:20
 Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://url”). Source: 
            if(self == top) {
         ....  dashboard:23
 Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://url”). Source: 
:root #content > #right > .dose > .dose....  dashboard:1
 Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://url”). Source: call to eval() or related function blocked by CSP.

Does it ring a bell? Can I get some help, please? Please let me know if you need more logs, or I should run some debugging code or anything.

Cheers!

[untitaker]

I can reproduce this issue. It can be that the handlebars upgrade introduced some bugs

[untitaker]

Please try again with master. Unsure about the CSP warnings.

[bnjbvr]

That fixed it, thanks a lot!