[ 
https://issues.apache.org/jira/browse/OFBIZ-12423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pierre Smits updated OFBIZ-12423:
---------------------------------
    Summary: Font used with Helveticus theme generates CSP violations  (was: 
Font used with Helvetica theme generates CSP violations)

> Font used with Helveticus theme generates CSP violations
> --------------------------------------------------------
>
>                 Key: OFBIZ-12423
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12423
>             Project: OFBiz
>          Issue Type: Bug
>          Components: themes
>    Affects Versions: Trunk
>            Reporter: Pierre Smits
>            Priority: Major
>              Labels: CSP, trust, usability
>
> The font used by the Helvetica theme generates multiple CSP violations 
> according to the inspector in the Firefox browser. See below.
> {code:java}
> Content Security Policy: The page’s settings observed the loading of a 
> resource at inline (“default-src”). A CSP report is being sent. 3 
> EditTaxAuthority
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. 4 
> Content Security Policy: The page’s settings observed the loading of a 
> resource at inline (“default-src”). A CSP report is being sent. 
> EditTaxAuthority
> Cookie “auth_tkt” will be soon treated as cross-site cookie against 
> “https://localhost:8443/helveticus/js/helveticus.js” because the scheme does 
> not match. helveticus.js
> Cookie “auth_tkt” will be soon treated as cross-site cookie against 
> “https://localhost:8443/accounting/control/EditTaxAuthority?taxAuthPartyId=AUT_BMF&taxAuthGeoId=AUT”
>  because the scheme does not match. 2 EditTaxAuthority
> Cookie “auth_tkt” will be soon treated as cross-site cookie against 
> “https://localhost:8443/helveticus/js/OfbizUtil.js” because the scheme does 
> not match. OfbizUtil.js
> Cookie “auth_tkt” will be soon treated as cross-site cookie against 
> “https://localhost:8443/images/favicon-96.png” because the scheme does not 
> match. favicon-96.png
> Cookie “auth_tkt” will be soon treated as cross-site cookie against 
> “https://localhost:8443/images/favicon-32.png” because the scheme does not 
> match. favicon-32.png
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
>  (“default-src”). A CSP report is being sent. resource:517:31
> Content Security Policy: The page’s settings observed the loading of a 
> resource at 
> https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2
>  (“default-src”). A CSP report is being sent. {code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
