batzionb commented on issue #3197:
URL:
https://github.com/apache/incubator-kie-tools/issues/3197#issuecomment-3044576449
Adding some more details:
The csp exceptions that need to be added to enable the editor are:
script-src:' 'unsafe-inline'
connect-src: 'data:'
These are not enabled by default in a standard csp header.
To reproduce, you need to serve the files from a webserver which contains a
starndard secure csp for example:
Content-Security-Policy:
default-src 'self';
script-src 'self';
style-src 'self';
img-src 'self' data:;
font-src 'self';
object-src 'none';
frame-ancestors 'none';
base-uri 'self';
connect-src 'self';
form-action 'self';
frame-src 'none';
media-src 'self';
manifest-src 'self';
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
