[ https://issues.apache.org/jira/browse/OFBIZ-12423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierre Smits updated OFBIZ-12423:
---------------------------------
    Summary: Font used with Helveticus theme generates CSP violations  (was: Font used with Helvetica theme generates CSP violations)

> Font used with Helveticus theme generates CSP violations
> --------------------------------------------------------
>
> Key: OFBIZ-12423
> URL: https://issues.apache.org/jira/browse/OFBIZ-12423
> Project: OFBiz
> Issue Type: Bug
> Components: themes
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Priority: Major
> Labels: CSP, trust, usability
>
> The font used by the Helvetica theme generates multiple CSP violations according to the inspector in the Firefox browser. See below.
> {code:java}
> Content Security Policy: The page’s settings observed the loading of a resource at inline (“default-src”). A CSP report is being sent. 3
> EditTaxAuthority
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJFQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. 4
> Content Security Policy: The page’s settings observed the loading of a resource at inline (“default-src”). A CSP report is being sent.
> EditTaxAuthority
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/helveticus/js/helveticus.js” because the scheme does not match. helveticus.js
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/accounting/control/EditTaxAuthority?taxAuthPartyId=AUT_BMF&taxAuthGeoId=AUT” because the scheme does not match. 2 EditTaxAuthority
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/helveticus/js/OfbizUtil.js” because the scheme does not match. OfbizUtil.js
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/images/favicon-96.png” because the scheme does not match. favicon-96.png
> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/images/favicon-32.png” because the scheme does not match. favicon-32.png
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 (“default-src”). A CSP report is being sent. resource:517:31
> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/6xKtdSZaM9iE8KbpRA_hJVQNYuDyP7bh.woff2 (“default-src”). A CSP report is being sent.
> {code}

--
This message was sent by Atlassian Jira (v8.20.1#820001)
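Added example, not part of the Jira message or of OFBiz: a Node.js triage helper that collapses Firefox CSP console lines like those quoted in the issue into one finding per blocked origin and directive, and names the more specific fetch directive that falls back to `default-src` for that resource type. The function names, the extension-to-directive map and the sample lines are assumptions constructed for this example.

```javascript
// Firefox console wording: "observed" means a Report-Only policy, "blocked" an
// enforced one. Typographic and ASCII quotes are both accepted.
const CSP_LINE = /Content Security Policy: The page[’']s settings (observed|blocked) the loading of a resource at (\S+) \([“"]([a-z-]+)[”"]\)/;

// Assumption of this example: guess the resource type from the file extension.
const EXT_TO_DIRECTIVE = new Map([['woff', 'font-src'], ['woff2', 'font-src'],
  ['ttf', 'font-src'], ['css', 'style-src'], ['js', 'script-src'], ['png', 'img-src']]);

// "inline", "eval", "data" and similar keywords are not URLs; return null for them.
function parseUrl(s) {
  try { return new URL(s); } catch { return null; }
}

// Directive more specific than default-src that would govern this resource, if known.
function narrowDirective(source) {
  const url = parseUrl(source);
  if (!url) return null;
  const ext = url.pathname.split('.').pop().toLowerCase();
  return EXT_TO_DIRECTIVE.get(ext) || null;
}

// Collapse repeated console lines into one finding per (origin, directive).
function summarizeCspConsole(text) {
  const findings = new Map();
  for (const line of text.split('\n')) {
    const m = CSP_LINE.exec(line);
    if (!m) continue; // cookie warnings, source labels, quote markers
    const [, verb, source, directive] = m;
    const url = parseUrl(source);
    const origin = url ? url.origin : source;
    const key = `${origin} ${directive}`;
    const f = findings.get(key) || { origin, directive, count: 0,
      reportOnly: verb === 'observed', candidate: narrowDirective(source) };
    f.count += 1; // counts lines; the console's repeat badge is not added in
    findings.set(key, f);
  }
  return [...findings.values()];
}

// Constructed sample modelled on the console output quoted in the issue.
const SAMPLE = [
  '> Content Security Policy: The page’s settings observed the loading of a resource at inline (“default-src”). A CSP report is being sent. 3',
  '> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/a.woff2 (“default-src”). A CSP report is being sent.',
  '> Content Security Policy: The page’s settings observed the loading of a resource at https://fonts.gstatic.com/s/quicksand/v24/b.woff2 (“default-src”). A CSP report is being sent.',
  '> Cookie “auth_tkt” will be soon treated as cross-site cookie against “https://localhost:8443/images/favicon-32.png” because the scheme does not match.',
].join('\n');

console.table(summarizeCspConsole(SAMPLE));
```

A row with `reportOnly: true` means the browser loaded the resource and only reported it; the same resource would be refused once the policy is enforced.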