[Bug] Icon Library Problems about pimcore HOT 4 OPEN

mhh, weird, all the listed problems are originated by jQuery being somehow blocked by buttons.github.io/buttons.js.

So it is only broken on debug mode as per
https://github.com/pimcore/admin-ui-classic-bundle/blob/fa2d03aaeb4787e1813f71f6a7ec58b28cd820cb/templates/admin/login/layout.html.twig#L45-L50

On demo seems working fine

(by opening icon library when editing a data object class) and even locally on dev mode

from pimcore.

But the mentioned github button is appearing only on login page, not sure how it can be reproduced, looks like it is logging out/expiring session somehow on some icon and it's in-lining the login page content instead of the image or things like that.

I see a i am content script in the console log, is it part of some front end tests?

from pimcore.

Hmm problem appreared in fresh installation of skeleton in prod env

from pimcore.

The error output regarding GitHub buttons JavaScript is misleading - it's just the CSP header's value.

I think the reason for this error is that the icon-list template includes the jQuery lib from external source, but the URL is not listed in CSP allow list:

<script
    src="https://code.jquery.com/jquery-3.7.1.min.js"
    integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo="
    crossorigin="anonymous"></script>

https://github.com/pimcore/admin-ui-classic-bundle/blob/v1.5.1/templates/admin/misc/icon_list.html.twig#L127

        self::SCRIPT_OPT => [
            'https://buttons.github.io/buttons.js', // GitHub star button on login page
        ],

https://github.com/pimcore/admin-ui-classic-bundle/blob/v1.5.1/src/Security/ContentSecurityPolicyHandler.php#L57

So a quick fix could be to include the jQuery CDN as well in der CSP.

from pimcore.