Apr 2022

Hi,

First:
Egroupware install type: Docker
Version: 21.1.20220408

Some browsers report in the console that some scripts are blocked because of missing CSP directives.

Safari: Refused to execute a script because its hash, its nonce, or ‘unsafe-inline’ does not appear in the script-src directive of the Content Security Policy. (index.php:0)

Seamonkey: Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://SITE ‘unsafe-eval’”). Source: onfocusin attribute on DIV element. (index.php)

Firefox: Blocked inline („script-src”)

Chrome does not show any errors related to this.

Can you help with this?

Thank you!

BR,
Z

You can safely ignore that error.

We have an event handler bound to those events, which gets triggered successfully and stops the propagation / calling of the handler in the on* attribute. Some browsers still mark that as an error.

Ralf
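
Why the policy quoted in the SeaMonkey message reports the `onfocusin` attribute, as an added example that is not part of the original thread or EGroupware's code: the sketch below applies the CSP Level 3 rules for inline event-handler attributes to a policy string. The helper names `parsePolicy` and `inlineHandlerVerdict` are hypothetical, and every policy other than the one quoted in the report is constructed sample input.

```javascript
// Added example (hypothetical helper names): does a CSP allow inline on* attributes?
// Fallback order per CSP Level 3: script-src-attr -> script-src -> default-src.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function inlineHandlerVerdict(header, handlerHash = null) {
  const directives = parsePolicy(header);
  const name = ['script-src-attr', 'script-src', 'default-src']
    .find((d) => directives.has(d));
  if (!name) return { allowed: true, directive: null };

  const sources = directives.get(name);
  const lower = sources.map((s) => s.toLowerCase());
  // A nonce, hash or 'strict-dynamic' in the list cancels 'unsafe-inline'.
  const cancelsInline = lower.some((s) =>
    /^'(nonce-|sha(256|384|512)-)/.test(s) || s === "'strict-dynamic'");
  if (lower.includes("'unsafe-inline'") && !cancelsInline) {
    return { allowed: true, directive: name };
  }
  // Nonces never apply to attributes; hashes apply only with 'unsafe-hashes'.
  // handlerHash is the caller-supplied digest of the attribute value,
  // for example 'sha256-<base64>' (hash values are case-sensitive).
  if (lower.includes("'unsafe-hashes'") && handlerHash &&
      sources.includes(`'${handlerHash}'`)) {
    return { allowed: true, directive: name };
  }
  return { allowed: false, directive: name };
}

// Policy as quoted in the SeaMonkey report (SITE is the page's placeholder).
const reported = "script-src https://SITE 'unsafe-eval'";
console.log(reported, '->', inlineHandlerVerdict(reported));
// Constructed policy: a dedicated script-src-attr overrides script-src.
const split = "script-src 'self'; script-src-attr 'unsafe-inline'";
console.log(split, '->', inlineHandlerVerdict(split));
```

The reported policy lists a host and `'unsafe-eval'` but no `'unsafe-inline'`, so any `on*` attribute is a violation regardless of whether a separately bound listener already handled the event.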

I think I know what the problem is: latest SeaMonkey is compatible with FF 60.8, which does NOT work with our latest release.

Hadi already committed a fix, but since no one has complained so far, we have not released it, and it will come with the next maintenance release.

But be warned, current SeaMonkey will no longer work with the next EGroupware version, due to our updated JavaScript requirements.

Ralf