[WebKit-devel] [kwebkitpart] [Bug 314707] New: Too rigid Content Security Policy?
Thomas Tanghus
thomas at tanghus.net
Fri Feb 8 20:09:52 UTC 2013
https://bugs.kde.org/show_bug.cgi?id=314707
Bug ID: 314707
Summary: Too rigid Content Security Policy?
Classification: Unclassified
Product: kwebkitpart
Version: unspecified
Platform: Ubuntu Packages
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: NOR
Component: general
Assignee: webkit-devel at kde.org
Reporter: thomas at tanghus.net
For the upcoming ownCloud 5 CSP headers are sent to block inline scripts from
executing[1], but for some reason this prevents rekonq from loading *any*
external scripts and style.
At first I thought it was only rekonq, but the same goes for Konqueror when
using WebKit.
It works as supposed in Firefox and Chromium.
[1] https://github.com/owncloud/core/blob/master/lib/template.php#L195
Reproducible: Always
Steps to Reproduce:
1. Install ownCloud master from git https://github.com/owncloud/core
2. Notice no scripts or stylesheets are loaded.
Actual Results:
ownCloud is unusable because no script or styles are loaded.
Expected Results:
The CSP should only apply for inline scripts.
KDE 4.10 on Kubuntu 12.10
Apache 2
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the WebKit-devel
mailing list