Hi,

On 10.11.22 11:03, Gerald Pfeifer wrote:
> On Thu, 10 Nov 2022, Martin Liška wrote:
> https://gcc.gnu.org/install/ is back with a new face.
> But it's not working properly due to some Content Security Policy:
> Hmm, it worked in my testing before and I just tried again:
> Firefox 106.0.1 (64-bit)

Did you open the console (F12)? If I do, I see the errors:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”).

That's for line 18, which is '<style>'. The next one is for line 42 (same error) which is for:

<script>document.body.dataset.theme = localStorage.getItem("theme") || "auto"; </script>

And then there is twice:

Content Security Policy: The page’s settings blocked the loading of a resource at data:image/svg+xml;charset=utf-8,<svg xm… (“default-src”).

(It feels a bit curious how the position in the web server's file system
or a symlink could trigger something like that?)

If you look at the output of 'curl -I', which shows only the HTTP header, you
will see that only the /install/ URL has:

content-security-policy: default-src 'self' http: https:

There must be some server configuration that adds this - but it does not seem
to be in the .ht* files in the wwwdocs git repo.

I could imagine that /install often contains some files in the default config
such that the central Apache configuration contains this line to disallow
code. As most production servers don't use /install - it won't affect them and
protects them from some issues. → Something for overseers to check.


For a description, see:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
and 
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

* * *

Looking at the source code of index.html I am wondering about
   <html class="no-js" lang="en">
versus all the .js inclusions later on.

But that only confuses humans - for the computer, it is just the name of
a CSS style sheet class.

Tobias
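
Added example, not part of the original mail: a simplified model of CSP source matching that shows why the header quoted above rejects the inline `<style>`, the inline `<script>` and the `data:` image while still allowing same-origin and https loads. The sample resources, the `/hypothetical/site.css` path and the `cdn.example` host are constructed for illustration.

```javascript
// Added example: simplified CSP source matching. Only keyword sources
// ('self', 'unsafe-inline', 'none') and scheme sources (https:) are modelled;
// host sources, nonces and hashes are out of scope.
const POLICY = "default-src 'self' http: https:"; // header value quoted in the mail
const PAGE_ORIGIN = "https://gcc.gnu.org";

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

// resource: { directive, inline } or { directive, url }
function isAllowed(header, resource, pageOrigin = PAGE_ORIGIN) {
  const directives = parsePolicy(header);
  // Fetch directives such as style-src fall back to default-src when absent.
  const sources = directives.get(resource.directive) ?? directives.get("default-src");
  if (sources === undefined) return true; // nothing restricts this resource type
  if (resource.inline) return sources.includes("'unsafe-inline'");
  const url = new URL(resource.url, pageOrigin);
  return sources.some((src) => {
    if (src === "'self'") return url.origin === pageOrigin;
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src;
    return false; // source kinds this sketch does not model
  });
}

// Constructed samples mirroring the three console errors, plus two loads that pass.
const SAMPLES = {
  inlineStyle: { directive: "style-src", inline: true },
  inlineScript: { directive: "script-src", inline: true },
  dataImage: { directive: "img-src", url: "data:image/svg+xml;charset=utf-8,<svg/>" },
  sameOriginCss: { directive: "style-src", url: "/hypothetical/site.css" },
  httpsScript: { directive: "script-src", url: "https://cdn.example/app.js" },
};

function evaluateAll(header) {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, res]) => [name, isAllowed(header, res)])
  );
}

console.log(evaluateAll(POLICY));
```

With no `style-src`, `script-src` or `img-src` directive present, all three resource types are governed by `default-src`, which lists neither `'unsafe-inline'` nor the `data:` scheme.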
