Openbravo Issue Tracking System - POS2 |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0047837 | POS2 | Core | public | 2021-10-13 09:10 | 2021-11-11 07:01 |
|
| Reporter | alostale | |
| Assigned To | alostale | |
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0047837: index.html has inline scripts |
| Description | Core2 applications' index.html has some inline scripts. This is a discouraged practice. Its execution would be prevented if an strict CSP is put in place [1].
---
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP [^] |
| Steps To Reproduce | 1. Configure app server to include CSP header by either:
a. setting it in Apache
or
b. setting it in Tomcat (ie. apply attached diff)
2. Run pos2 (in production mode)
-> ERROR: it is not rendered |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | defect | 0046950 | | closed | alostale | Openbravo ERP | prevent image inline scripts | | blocks | feature request | 0047996 | | acknowledged | Triage Platform Base | POS2 | make core2/pos2 CSP ready |
|
| Attached Files |  tomcat-csp.diff (1,050) 2021-10-13 09:11
https://issues.openbravo.com/file_download.php?file_id=16261&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2021-10-13 09:10 | alostale | New Issue | |
| 2021-10-13 09:10 | alostale | Assigned To | => Retail |
| 2021-10-13 09:10 | alostale | Triggers an Emergency Pack | => No |
| 2021-10-13 09:11 | alostale | File Added: tomcat-csp.diff | |
| 2021-10-13 09:12 | alostale | Relationship added | related to 0046950 |
| 2021-10-13 09:17 | alostale | Proposed Solution updated | |
| 2021-10-15 13:21 | hgbot | Note Added: 0132365 | |
| 2021-10-18 11:28 | guilleaer | Status | new => scheduled |
| 2021-10-18 11:28 | guilleaer | Assigned To | Retail => alostale |
| 2021-11-05 07:33 | alostale | Issue cloned | 0047996 |
| 2021-11-05 07:33 | alostale | Relationship added | blocks 0047996 |
| 2021-11-05 07:39 | alostale | Type | feature request => defect |
| 2021-11-05 07:39 | alostale | Summary | make core2/pos2 CSP ready => index.html has inline scripts |
| 2021-11-05 07:39 | alostale | Description Updated | bug_revision_view_page.php?rev_id=23285#r23285 |
| 2021-11-05 07:39 | alostale | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=23287#r23287 |
| 2021-11-05 07:39 | alostale | Proposed Solution updated | |
| 2021-11-11 07:01 | hgbot | Note Added: 0132947 | |
| 2021-11-11 07:01 | hgbot | Resolution | open => fixed |
| 2021-11-11 07:01 | hgbot | Status | scheduled => closed |
| 2021-11-11 07:01 | hgbot | Note Added: 0132948 | |