Default installation runs into csp violation when trying to use the new diagram functionality
Solved
CryptPad
-
When trying to open a diagram from inside of Cryptpad it stays at the "Loading..." screen and the following is printed in the Javascript console of my browser.
Refused to load manifest from 'https://sandbox.domain.com/components/drawio/src/main/webapp/images/manifest.json' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'manifest-src' was not explicitly set, so 'default-src' is used as a fallback.
-
I can reproduce this. The nginx config needs to be updated, pushing a new package.
-
Should be fixed in latest package.
-
-