Closed Bug 1387300 Opened 7 years ago Closed 5 years ago

[PulseGuardian] CSP errors on DuoSec page

Categories

(Webtools :: Pulse, enhancement)

Product:
Webtools
Component:
Pulse
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: mcote, Unassigned)

Details

From local testing, I'm getting some CSP errors on the DuoSec page when I choose to log in via LDAP:

Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://api-4b043da5.duosecurity.com”). Source: onfocusin attribute on DIV element.

Content Security Policy: The page’s settings blocked the loading of a resource at https://pulseguardian-dev.allizom.org:5000/static/fonts/glyphicons-halflings-regular.woff2 (“default-src https://api-4b043da5.duosecurity.com”).

Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://api-4b043da5.duosecurity.com”). Source: onfocusin attribute on DIV element.

Looks like the first and the third are DuoSec's fault, but the second is odd.  I'm not sure why it's trying to load a font after we've been redirected to duosecurity.com.

Regardless, these errors don't seem to affect functionality during and after logging in.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.