Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps - Status | Demo | Docs | Install
  1. Cloudron Forum
  2. Gitea
  3. Content Security Policy produces a javascript error.

Content Security Policy produces a javascript error.

Scheduled Pinned Locked Moved Gitea
csp
3 Posts 3 Posters 162 Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • sfeldkampS Offline
    sfeldkampS Offline
    sfeldkamp
    wrote on last edited by sfeldkamp
    #1

    If you add the "Strict Baseline" or "Report CSP Violations" Content Security Policy it produces a javascript error on every page load. Is this working as designed?

    477dc618-477c-4766-90ff-e7ba5a6387e7-image.png

    1 Reply Last reply
    1
    • jamesJ Online
      jamesJ Online
      james
      Staff
      wrote on last edited by
      #2

      Hello @sfeldkamp
      Please provide more details.

      • Cloudron Version
      • Gitea app version
      • what are you configuring
      • what logs are visible in the web log viewer
      1 Reply Last reply
      0
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by nebulon
        #3

        many apps require browser features like javascript eval() for example which would be blocked with the strict rules. This does not automatically mean the app is insecure or so, blindly applying those rules without understanding the apps does not add much benefit there. There are various ways apps can protect unsafe operations besides csp rules.

        If you are curious about gitea usage here, you can try to tweak them to narrow down the issue or ask upstream.

        1 Reply Last reply
        1

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        Reply
        • Reply as topic
        Log in to reply
        • Oldest to Newest
        • Newest to Oldest
        • Most Votes

        • Login
        • Don't have an account? Register
        • Login or register to search.
        • First post
          Last post
        0
        • Categories
        • Recent
        • Tags
        • Popular
        • Bookmarks
        • Search