Comments (4)
mhh, weird, all the listed problems are originated by jQuery
being somehow blocked by buttons.github.io/buttons.js
.
So it is only broken on debug
mode as per
https://github.com/pimcore/admin-ui-classic-bundle/blob/fa2d03aaeb4787e1813f71f6a7ec58b28cd820cb/templates/admin/login/layout.html.twig#L45-L50
On demo seems working fine
(by opening icon library
when editing a data object class) and even locally on dev
mode
from pimcore.
But the mentioned github button is appearing only on login page, not sure how it can be reproduced, looks like it is logging out/expiring session somehow on some icon and it's in-lining the login page content instead of the image or things like that.
I see a i am content script
in the console log, is it part of some front end tests?
from pimcore.
Hmm problem appreared in fresh installation of skeleton in prod env
from pimcore.
The error output regarding GitHub buttons JavaScript is misleading - it's just the CSP header's value.
I think the reason for this error is that the icon-list
template includes the jQuery lib from external source, but the URL is not listed in CSP allow list:
<script
src="https://code.jquery.com/jquery-3.7.1.min.js"
integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo="
crossorigin="anonymous"></script>
self::SCRIPT_OPT => [
'https://buttons.github.io/buttons.js', // GitHub star button on login page
],
So a quick fix could be to include the jQuery CDN as well in der CSP.
from pimcore.
Related Issues (20)
- [Bug]: Adding a link in a Localized-Field breaks Object HOT 2
- [Bug]: Gps Code mandatory checked failed
- [Mail] Do not set fallback from address
- CORS origin issue on pimcore 10.6.9 HOT 2
- [Data Objects] UrlSlug data-type: fix return/param types
- [Bug]: DataObjects onPostAdd Event Listener makes duplicate Object Relation HOT 1
- [Bug]: Objects with URLSlug property cannot be copy & pasted anymore HOT 1
- [Bug]: search doesn't work in relational field if the object name is partially written
- [Bug]: Create new blank page giving 500 error and WYSIWYG text limit
- [Bug]: localized multiselect field does not provide an option to add select options in different language
- ValidationException messages shows attribute name instead of attribute title
- [Bug] Documentation error: Hard coded Content-Type in example MyAssetController class for asset protection HOT 1
- Webhook - Data Objects - Operator Alias not working as expected
- [Bug]: Reorder of localized fields in class definition doesn't work HOT 2
- [Bug]: "classes-rebuild -d" fails on deployment HOT 5
- facing HTTP 500 Internal Server Error Failed to start the session because headers have already been sent by "" at line 0 error while sending response from controller to ext js HOT 1
- [Feature]: Asset Mapping Handles Fonts HOT 2
- Add HeadlessDocument menu not showing
- [Improvement]: Case insensitive search for object title and key in filter grid view
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pimcore.