Bug #102323
open
CSP issues in BE ckeditor5
0%
Description
In Firefox I get the following CSP error - only in Firefox
Files
Updated by Claus Harup 6 months ago
UPDATE: It is not only firefox
Updated by Oliver Hader 6 months ago
- Category changed from Security to RTE (rtehtmlarea + ckeditor)
- Assignee deleted (
Oliver Hader) - Target version deleted (
next-patchlevel)
I'm not sure why CKEditor5 needs to eval code there...
Updated by Oliver Hader 6 months ago
- Status changed from New to Needs Feedback
Hm. I was not able to reproduce that with the recent state of the v12.4 branch. Which TYPO3 version/commit are you using?
Updated by Oliver Hader 6 months ago
- File Screenshot 2023-11-06 at 12.44.21.png added
I was not able to reproduce that in TYPO3 v12.4.7, using the YAML setting editor.config.debug: true to enable the inspector.
Updated by Oliver Hader 6 months ago
- File deleted (
Screenshot 2023-11-06 at 12.44.21.png)
Updated by Oliver Hader 6 months ago
- File 12.4.7-macos-chrome.png 12.4.7-macos-chrome.png added
Updated by Oliver Hader 6 months ago
Can you provide a script snippet that causes this problem (either by clicking in the console, or it also might be logged in the TYPO3 CSP backend module). It is possible, that browser plugins (e.g. VueJS devtools or similar) are causing these kind of violations...
Updated by Claus Harup 6 months ago
- File clipboard-202311061345-dwrvz.png clipboard-202311061345-dwrvz.png added
- File clipboard-202311061351-zlzab.png clipboard-202311061351-zlzab.png added
Updated by Oliver Hader 6 months ago
Thx. At least I can confirm the implicit eval is in the bundled JavaScript code. The reason seems to be a bundling issue with WebPack and the lack of having a dedicated ES6 module.
Updated by Oliver Hader 6 months ago
- Status changed from Needs Feedback to Accepted
Updated by Oliver Hader 6 months ago
- Subject changed from CSP issues in BE ckeditor - only in firefox to CSP issues in BE ckeditor5