#5029 - Cloudflare e-mail protection broken by CSP on v11
-
By PDStig
- Added
- 5 views
| Identifier | #5029 |
|---|---|
| Issue type | Trivial issue (does not break functionality) |
| Title | Cloudflare e-mail protection broken by CSP on v11 |
| Status | Completed |
| Handling member | Chris Graham |
| Addon | General / Uncategorised |
| Description | When attempting to reveal a protected e-mail address by Cloudflare, Composr v11 throws an error regarding a Content Security Policy Violation. |
| Steps to reproduce | |
| Additional information | {"csp-report":{"document-uri":"https://protected.domain/index.php?page=tickets&type=post&id=5_6370bdeeda18c&keep_fatalistic=1","referrer":"https://protected.domain/index.php?page=tickets&type=post&id=5_6370bdeeda18c","violated-directive":"script-src-elem","effective-directive":"script-src-elem","original-policy":"default-src 'self' fonts.googleapis.com www.fonts.googleapis.com apis.google.com www.apis.google.com translate.googleusercontent.com www.translate.googleusercontent.com paypal.com www.paypal.com ipnpb.paypal.com www.ipnpb.paypal.com sandbox.paypal.com www.sandbox.paypal.com ipnpb.sandbox.paypal.com www.ipnpb.sandbox.paypal.com facebook.com www.facebook.com protected.domain data:; style-src 'self' fonts.googleapis.com www.fonts.googleapis.com apis.google.com www.apis.google.com translate.googleusercontent.com www.translate.googleusercontent.com paypal.com www.paypal.com ipnpb.paypal.com www.ipnpb.paypal.com sandbox.paypal.com www.sandbox.paypal.com ipnpb.sandbox.paypal.com www.ipnpb.sandbox.paypal.com facebook.com www.facebook.com protected.domain * 'unsafe-inline'; script-src 'nonce-686b862504ed1' 'strict-dynamic'; frame-src * 'nonce-686b862504ed1'; worker-src 'self' fonts.googleapis.com www.fonts.googleapis.com apis.google.com www.apis.google.com translate.googleusercontent.com www.translate.googleusercontent.com paypal.com www.paypal.com ipnpb.paypal.com www.ipnpb.paypal.com sandbox.paypal.com www.sandbox.paypal.com ipnpb.sandbox.paypal.com www.ipnpb.sandbox.paypal.com facebook.com www.facebook.com protected.domain; connect-src 'self' fonts.googleapis.com www.fonts.googleapis.com apis.google.com www.apis.google.com translate.googleusercontent.com www.translate.googleusercontent.com paypal.com www.paypal.com ipnpb.paypal.com www.ipnpb.paypal.com sandbox.paypal.com www.sandbox.paypal.com ipnpb.sandbox.paypal.com www.ipnpb.sandbox.paypal.com facebook.com www.facebook.com protected.domain; font-src * data: blob:; object-src 'none'; img-src * data: blob:; media-src * data: blob:; manifest-src 'none'; base-uri 'self'; form-action 'self' fonts.googleapis.com www.fonts.googleapis.com apis.google.com www.apis.google.com translate.googleusercontent.com www.translate.googleusercontent.com paypal.com www.paypal.com ipnpb.paypal.com www.ipnpb.paypal.com sandbox.paypal.com www.sandbox.paypal.com ipnpb.sandbox.paypal.com www.ipnpb.sandbox.paypal.com facebook.com www.facebook.com protected.domain; frame-ancestors *; upgrade-insecure-requests; report-uri https://protected.domain/data/csp_logging.php","disposition":"enforce","blocked-uri":"https://protected.domain/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","status-code":500,"script-sample":""}} |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments