subject:"\[Wikidata\-bugs\] \[Maniphest\] T323451\: QueryBuilder\: Download fails because of Content Security Policy"

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

2022-12-02 Thread Lydia_Pintscher

Lydia_Pintscher triaged this task as "Low" priority.

TASK DETAIL
  https://phabricator.wikimedia.org/T323451

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Lydia_Pintscher
Cc: Lydia_Pintscher, Puikstekend, Aklapper, Astuthiodit_1, AWesterinen, 
karapayneWMDE, Invadibot, MPhamWMF, maantietaja, CBogen, ItamarWMDE, Akuckartz, 
Nandana, Namenlos314, Lahi, Gq86, Lucas_Werkmeister_WMDE, GoranSMilovanovic, 
Mahir256, QZanden, EBjune, merbst, LawExplorer, Salgo60, _jensen, rosalieper, 
Scott_WUaS, Jonas, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, Tobias1984, 
Manybubbles, Mbch331
___
Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org
To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

2022-12-02 Thread Lydia_Pintscher

Lydia_Pintscher added a project: Wikidata Dev Team.

TASK DETAIL
  https://phabricator.wikimedia.org/T323451

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Lydia_Pintscher
Cc: Lydia_Pintscher, Puikstekend, Aklapper, Astuthiodit_1, AWesterinen, 
karapayneWMDE, Invadibot, MPhamWMF, maantietaja, CBogen, ItamarWMDE, Akuckartz, 
Nandana, Namenlos314, Lahi, Gq86, Lucas_Werkmeister_WMDE, GoranSMilovanovic, 
Mahir256, QZanden, EBjune, merbst, LawExplorer, Salgo60, _jensen, rosalieper, 
Scott_WUaS, Jonas, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, Tobias1984, 
Manybubbles, Mbch331
___
Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org
To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

2022-11-22 Thread Lydia_Pintscher

Lydia_Pintscher updated the task description.

TASK DETAIL
  https://phabricator.wikimedia.org/T323451

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Lydia_Pintscher
Cc: Lydia_Pintscher, Puikstekend, Aklapper, Astuthiodit_1, AWesterinen, 
karapayneWMDE, Invadibot, MPhamWMF, maantietaja, CBogen, ItamarWMDE, Akuckartz, 
Nandana, Namenlos314, Lahi, Gq86, Lucas_Werkmeister_WMDE, GoranSMilovanovic, 
Mahir256, QZanden, EBjune, merbst, LawExplorer, Salgo60, TerraCodes, _jensen, 
rosalieper, Scott_WUaS, Jonas, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, 
Tobias1984, Manybubbles, Mbch331
___
Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org
To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

2022-11-22 Thread Lydia_Pintscher

Lydia_Pintscher removed a project: TestMe.

TASK DETAIL
  https://phabricator.wikimedia.org/T323451

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Lydia_Pintscher
Cc: Lydia_Pintscher, Puikstekend, Aklapper, Astuthiodit_1, AWesterinen, 
karapayneWMDE, Invadibot, MPhamWMF, maantietaja, CBogen, ItamarWMDE, Akuckartz, 
Nandana, Namenlos314, Lahi, Gq86, Lucas_Werkmeister_WMDE, GoranSMilovanovic, 
Mahir256, QZanden, EBjune, merbst, LawExplorer, Salgo60, _jensen, rosalieper, 
Scott_WUaS, Jonas, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, Tobias1984, 
Manybubbles, Mbch331, TerraCodes
___
Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org
To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

2022-11-22 Thread Lydia_Pintscher

Lydia_Pintscher added a comment.


  Aha!
  Ok then the link to the query is misleading. It's not actually happening in a 
stand-alone embedded view of the query result. Here is a link that shows the 
problem: https://w.wiki/5$MM I'll update the task description.

TASK DETAIL
  https://phabricator.wikimedia.org/T323451

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Lydia_Pintscher
Cc: Lydia_Pintscher, Puikstekend, Aklapper, Astuthiodit_1, AWesterinen, 
karapayneWMDE, Invadibot, MPhamWMF, maantietaja, CBogen, ItamarWMDE, Akuckartz, 
Nandana, Namenlos314, Lahi, Gq86, Lucas_Werkmeister_WMDE, GoranSMilovanovic, 
Mahir256, QZanden, EBjune, merbst, LawExplorer, Salgo60, TerraCodes, _jensen, 
rosalieper, Scott_WUaS, Jonas, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, 
Tobias1984, Manybubbles, Mbch331
___
Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org
To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

2022-11-22 Thread Puikstekend

Puikstekend added a comment.


  Thanks for the reply Lydia! Looks like this issue stems from the Content 
Security Policy set by the WikiData Query Builder server. I narrowed the issue 
down to a CSP restriction on the iframe sandbox. It tries to download a 
resource at //blob:https://query.wikidata.org/xxx //, but this violates the CSP 
//default-src self;// and //connect-src 'self' https://www.wikidata.org 
https://meta.wikimedia.org; // directives because the scheme does not match any 
of the listed sources. (when going directly to the 
https://query.wikidata.org/embed.html page, I also didn't get this issue, 
because there is no longer an iframe that tries to download a blob object).
  
  I'm not exactly sure what is necessary to resolve this issue, but I think 
there are two things to look at first:
  
  - add //blob:https://query.wikidata.org // to the //connect-src// directive 
in the CSP in the http headers (see MDN 
)
  - //allow-downloads// directive on the iframe sandbox (see MDN 
)
  
  Note that Google's CSP evaluator  
already lists a high severity finding for this page ('unsafe-inline' allows the 
execution of unsafe in-page scripts and event handlers.)

TASK DETAIL
  https://phabricator.wikimedia.org/T323451

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Puikstekend
Cc: Lydia_Pintscher, Puikstekend, Aklapper, Astuthiodit_1, AWesterinen, 
karapayneWMDE, Invadibot, MPhamWMF, maantietaja, CBogen, ItamarWMDE, Akuckartz, 
Nandana, Namenlos314, Lahi, Gq86, Lucas_Werkmeister_WMDE, GoranSMilovanovic, 
Mahir256, QZanden, EBjune, merbst, LawExplorer, Salgo60, TerraCodes, _jensen, 
rosalieper, Scott_WUaS, Jonas, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, 
Tobias1984, Manybubbles, Mbch331
___
Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org
To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

2022-11-21 Thread Lydia_Pintscher

Lydia_Pintscher added projects: TestMe, Wikidata Query UI.
Lydia_Pintscher added a comment.


  It looks like this doesn't have anything to do with the query builder but 
instead is a generic query service ui issue. I'm adding the tag for that.
  I followed the steps and I can not reproduce the issue (also in Firefox). Can 
someone else? My hunch is that there is some privacy setting/extension in your 
browser involved?

TASK DETAIL
  https://phabricator.wikimedia.org/T323451

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Lydia_Pintscher
Cc: Lydia_Pintscher, Puikstekend, Aklapper, Astuthiodit_1, AWesterinen, 
karapayneWMDE, Invadibot, MPhamWMF, maantietaja, CBogen, ItamarWMDE, Akuckartz, 
Nandana, Namenlos314, Lahi, Gq86, Lucas_Werkmeister_WMDE, GoranSMilovanovic, 
Mahir256, QZanden, EBjune, merbst, LawExplorer, Salgo60, TerraCodes, _jensen, 
rosalieper, Scott_WUaS, Jonas, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, 
Tobias1984, Manybubbles, Mbch331
___
Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org
To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

2022-11-20 Thread Maintenance_bot

Maintenance_bot added a project: Wikidata.

TASK DETAIL
  https://phabricator.wikimedia.org/T323451

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Maintenance_bot
Cc: Puikstekend, Aklapper, Astuthiodit_1, karapayneWMDE, Invadibot, 
maantietaja, ItamarWMDE, Akuckartz, Nandana, Lahi, Gq86, GoranSMilovanovic, 
QZanden, LawExplorer, _jensen, rosalieper, Scott_WUaS, Wikidata-bugs, aude, 
Mbch331
___
Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org
To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

[Wikidata-bugs] [Maniphest] T323451: QueryBuilder: Download fails because of Content Security Policy

8 matches

Site Navigation

Mail list logo

Footer information