joshtynjala commented on issue #1252: URL: https://github.com/apache/royale-asjs/issues/1252#issuecomment-2694853305
It looks like we haven't updated Tour de Jewel on the website in quite a while. Since it was working before, as best I can tell, Apache has re-configured all servers with a stricter content security policy. Here's what I see in the console in Firefox: > Content-Security-Policy: The page’s settings blocked a style (style-src-elem) at https://fonts.googleapis.com/css?family=Lato:400,700 from being applied because it violates the following directive: “style-src 'self' 'unsafe-inline' data:” tourdejewel > Loading failed for the <script> with source “https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js”. tourdejewel:1:1 > Loading failed for the <script> with source “https://cdnjs.cloudflare.com/ajax/libs/dialog-polyfill/0.4.9/dialog-polyfill.min.js”. tourdejewel:1:1 > Loading failed for the <script> with source “https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js”. tourdejewel:1:1 > Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/” tourdejewel:28:16 > Content-Security-Policy: The page’s settings blocked a style (style-src-elem) at https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css from being applied because it violates the following directive: “style-src 'self' 'unsafe-inline' data:” tourdejewel:33:16 > Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://cdnjs.cloudflare.com/ajax/libs/dialog-polyfill/0.4.9/dialog-polyfill.min.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/” tourdejewel:36:16 > Content-Security-Policy: The page’s settings blocked a style (style-src-elem) at https://cdnjs.cloudflare.com/ajax/libs/dialog-polyfill/0.4.9/dialog-polyfill.min.css from being applied because it violates the following directive: “style-src 'self' 'unsafe-inline' data:” tourdejewel:41:17 > Content-Security-Policy: The page’s settings blocked a style (style-src-elem) at https://fonts.googleapis.com/icon?family=Material+Icons from being applied because it violates the following directive: “style-src 'self' 'unsafe-inline' data:” tourdejewel:46:17 > Content-Security-Policy: The page’s settings blocked a style (style-src-elem) at https://pro.fontawesome.com/releases/v5.13.0/css/all.css from being applied because it violates the following directive: “style-src 'self' 'unsafe-inline' data:” tourdejewel:51:18 > Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/” tourdejewel:54:17 JS and CSS from external CDNs are being blocked. We'll need to update Tour de Jewel to include all resources on our own server instead. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@royale.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
