Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot create new relations #1265

Closed
gythaogg opened this issue Oct 7, 2024 · 0 comments · Fixed by #1270 or #1264
Closed

Cannot create new relations #1265

gythaogg opened this issue Oct 7, 2024 · 0 comments · Fixed by #1270 or #1264

Comments

@gythaogg
Copy link
Contributor

gythaogg commented Oct 7, 2024
edited
Loading

Popups are blocked by the following JS error

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com ajax.googleapis.com cdn.rawgit.com *.acdh.oeaw.ac.at unpkg.com fonts.gstatic.com cdn.datatables.net code.highcharts.com *.acdh-dev.oeaw.ac.at *.acdh.oeaw.ac.at openstreetmap.org *.openstreetmap.org".

    at new Function (<anonymous>)
    at [email protected]:1:24672
    at Tr ([email protected]:1:35877)
    at HTMLAnchorElement.a ([email protected]:1:24647)
(anonymous) @ [email protected]:1
Tr @ [email protected]:1
a @ [email protected]:1Understand this error

Related to acdh-oeaw/apis-instance-nomansland-dev#14

Update from @b1rger

Introduced in a2e80fa
Oke, long debugging session later: as the error messages says, the problem is CSP, which enabled in our default settings, but which is not enabled in the discworld sample project. Apparently I did only test this commit with the sample project. For now it helps to add 'unsafe-eval' to the CSP_DEFAULT_SRC, but we should try to find a better fix. Therefore I suggest to only do this in the projects and not in the default settings.
b1rger added a commit that referenced this issue Oct 7, 2024
@b1rger
fix(relations): use javascript onclick instead of htmx on:click
429cee5 
This makes the trigger also work with a strict CSP that does not allow
`unsafe-eval`.

Closes: #1265
@b1rger b1rger mentioned this issue Oct 7, 2024
Merged
b1rger added a commit that referenced this issue Oct 7, 2024
@b1rger
fix(relations): use javascript onclick instead of htmx on:click
db2b008 
This makes the trigger also work with a strict CSP that does not allow
`unsafe-eval`.

Closes: #1265
@github-actions github-actions bot mentioned this issue Oct 7, 2024
Merged
@github-actions github-actions bot mentioned this issue Nov 19, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@gythaogg