Bug #102323
closedCSP issues in BE ckeditor5
0%
Description
In Firefox I get the following CSP error - only in Firefox
Files
Updated by Claus Harup about 1 year ago
UPDATE: It is not only firefox
Updated by Oliver Hader about 1 year ago
- Category changed from Security to RTE (rtehtmlarea + ckeditor)
- Assignee deleted (
Oliver Hader) - Target version deleted (
next-patchlevel)
I'm not sure why CKEditor5 needs to eval
code there...
Updated by Oliver Hader about 1 year ago
- Status changed from New to Needs Feedback
Hm. I was not able to reproduce that with the recent state of the v12.4 branch. Which TYPO3 version/commit are you using?
Updated by Oliver Hader about 1 year ago
- File Screenshot 2023-11-06 at 12.44.21.png added
I was not able to reproduce that in TYPO3 v12.4.7, using the YAML setting editor.config.debug: true
to enable the inspector.
Updated by Oliver Hader about 1 year ago
- File deleted (
Screenshot 2023-11-06 at 12.44.21.png)
Updated by Oliver Hader about 1 year ago
- File 12.4.7-macos-chrome.png 12.4.7-macos-chrome.png added
Updated by Oliver Hader about 1 year ago
Can you provide a script snippet that causes this problem (either by clicking in the console, or it also might be logged in the TYPO3 CSP backend module). It is possible, that browser plugins (e.g. VueJS devtools or similar) are causing these kind of violations...
Updated by Claus Harup about 1 year ago
- File clipboard-202311061345-dwrvz.png clipboard-202311061345-dwrvz.png added
- File clipboard-202311061351-zlzab.png clipboard-202311061351-zlzab.png added
Updated by Oliver Hader about 1 year ago
Thx. At least I can confirm the implicit eval is in the bundled JavaScript code. The reason seems to be a bundling issue with WebPack and the lack of having a dedicated ES6 module.
Updated by Oliver Hader about 1 year ago
- Status changed from Needs Feedback to Accepted
Updated by Oliver Hader about 1 year ago
- Subject changed from CSP issues in BE ckeditor - only in firefox to CSP issues in BE ckeditor5
Updated by Georg Ringer 7 months ago
- Status changed from Accepted to Resolved
author states that it is fixed, therefore closing issue
Updated by Garvin Hicking 26 days ago
- Related to Bug #105848: CKEditor inspector creates CSP errors + (sometimes) breaks IRRE records (Firefox) added