[PulseGuardian] CSP errors on DuoSec page

NEW
Unassigned

Status

2 years ago
2 years ago

People

(Reporter: mcote, Unassigned)

Tracking

Trunk

Description

2 years ago
From local testing, I'm getting some CSP errors on the DuoSec page when I choose to log in via LDAP:

Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://api-4b043da5.duosecurity.com”). Source: onfocusin attribute on DIV element.

Content Security Policy: The page’s settings blocked the loading of a resource at https://pulseguardian-dev.allizom.org:5000/static/fonts/glyphicons-halflings-regular.woff2 (“default-src https://api-4b043da5.duosecurity.com”).

Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://api-4b043da5.duosecurity.com”). Source: onfocusin attribute on DIV element.

Looks like the first and the third are DuoSec's fault, but the second is odd. I'm not sure why it's trying to load a font after we've been redirected to duosecurity.com.

Regardless, these errors don't seem to affect functionality during and after logging in.
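
Why a policy consisting only of `default-src https://api-4b043da5.duosecurity.com` yields both kinds of message above, shown as an added example that is not part of the original report or of PulseGuardian's code. The function names and `PAGE_ORIGIN` are assumptions, and the matcher is deliberately simplified to host sources, `'self'` and `'unsafe-inline'`.

```javascript
// Added example: simplified CSP evaluation. Supports only 'self', 'unsafe-inline'
// and scheme://host[:port] sources; wildcards, paths, nonces and hashes are ignored.
const FALLBACK = { 'font-src': ['default-src'], 'script-src-attr': ['script-src', 'default-src'] };

// Values taken from the console messages in the report.
const POLICY = 'default-src https://api-4b043da5.duosecurity.com';
const FONT_URL = 'https://pulseguardian-dev.allizom.org:5000/static/fonts/glyphicons-halflings-regular.woff2';
// Assumption: the document carrying the policy is served from the Duo API host.
const PAGE_ORIGIN = 'https://api-4b043da5.duosecurity.com';

function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Find the directive that governs a request type, walking the fallback chain.
function governing(policy, directive) {
  for (const name of [directive, ...(FALLBACK[directive] || [])]) {
    if (policy.has(name)) return { name, sources: policy.get(name) };
  }
  return null; // nothing governs this type, so the policy does not restrict it
}

function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // other keywords never match a URL
  let expr;
  try { expr = new URL(source); } catch { return false; }
  // URL normalises default ports to "", so ":5000" does not match a portless https source.
  return expr.protocol === url.protocol && expr.hostname === url.hostname && expr.port === url.port;
}

function checkLoad(header, directive, resourceUrl, pageOrigin) {
  const gov = governing(parsePolicy(header), directive);
  if (!gov) return { allowed: true, violated: null };
  const url = new URL(resourceUrl);
  const allowed = gov.sources.some((s) => sourceMatches(s, url, pageOrigin));
  return { allowed, violated: allowed ? null : gov.name };
}

// Inline event-handler attributes (such as onfocusin) need 'unsafe-inline' in the governing directive.
function checkInlineHandler(header) {
  const gov = governing(parsePolicy(header), 'script-src-attr');
  const allowed = !gov || gov.sources.includes("'unsafe-inline'");
  return { allowed, violated: allowed ? null : gov.name };
}
```

With no `font-src` or `script-src` in the policy, both checks fall back to `default-src`, which is the directive quoted in each of the three console messages.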