View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
5029Composr alpha bug reportsGeneral / Uncategorisedpublic2022-11-14 15:532022-11-16 21:09
ReporterPDStig Assigned ToChris Graham  
PrioritynormalSeveritytrivial 
Status resolvedResolutionfixed 
Summary5029: Cloudflare e-mail protection broken by CSP on v11
DescriptionWhen attempting to reveal a protected e-mail address by Cloudflare, Composr v11 throws an error regarding a Content Security Policy Violation.
Additional Information{"csp-report":{"document-uri":"https://protected.domain/index.php?page=tickets&type=post&id=5_6370bdeeda18c&keep_fatalistic=1","referrer":"https://protected.domain/index.php?page=tickets&type=post&id=5_6370bdeeda18c","violated-directive":"script-src-elem","effective-directive":"script-src-elem","original-policy":"default-src 'self' fonts.googleapis.com www.fonts.googleapis.com apis.google.com www.apis.google.com translate.googleusercontent.com www.translate.googleusercontent.com paypal.com www.paypal.com ipnpb.paypal.com www.ipnpb.paypal.com sandbox.paypal.com www.sandbox.paypal.com ipnpb.sandbox.paypal.com www.ipnpb.sandbox.paypal.com facebook.com www.facebook.com protected.domain data:; style-src 'self' fonts.googleapis.com www.fonts.googleapis.com apis.google.com www.apis.google.com translate.googleusercontent.com www.translate.googleusercontent.com paypal.com www.paypal.com ipnpb.paypal.com www.ipnpb.paypal.com sandbox.paypal.com www.sandbox.paypal.com ipnpb.sandbox.paypal.com www.ipnpb.sandbox.paypal.com facebook.com www.facebook.com protected.domain * 'unsafe-inline'; script-src 'nonce-686b862504ed1' 'strict-dynamic'; frame-src * 'nonce-686b862504ed1'; worker-src 'self' fonts.googleapis.com www.fonts.googleapis.com apis.google.com www.apis.google.com translate.googleusercontent.com www.translate.googleusercontent.com paypal.com www.paypal.com ipnpb.paypal.com www.ipnpb.paypal.com sandbox.paypal.com www.sandbox.paypal.com ipnpb.sandbox.paypal.com www.ipnpb.sandbox.paypal.com facebook.com www.facebook.com protected.domain; connect-src 'self' fonts.googleapis.com www.fonts.googleapis.com apis.google.com www.apis.google.com translate.googleusercontent.com www.translate.googleusercontent.com paypal.com www.paypal.com ipnpb.paypal.com www.ipnpb.paypal.com sandbox.paypal.com www.sandbox.paypal.com ipnpb.sandbox.paypal.com www.ipnpb.sandbox.paypal.com facebook.com www.facebook.com protected.domain; font-src * data: blob:; object-src 'none'; img-src * data: blob:; media-src * data: blob:; manifest-src 'none'; base-uri 'self'; form-action 'self' fonts.googleapis.com www.fonts.googleapis.com apis.google.com www.apis.google.com translate.googleusercontent.com www.translate.googleusercontent.com paypal.com www.paypal.com ipnpb.paypal.com www.ipnpb.paypal.com sandbox.paypal.com www.sandbox.paypal.com ipnpb.sandbox.paypal.com www.ipnpb.sandbox.paypal.com facebook.com www.facebook.com protected.domain; frame-ancestors *; upgrade-insecure-requests; report-uri https://protected.domain/data/csp_logging.php","disposition":"enforce","blocked-uri":"https://protected.domain/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","status-code":500,"script-sample":""}}
TagsNo tags attached.
Attach Tags
Sponsorship open

Sponsor

Date Added Member Amount Sponsored

Activities

PDStig

2022-11-14 15:54

administrator   ~7643

(I replaced my actual website with "protected.domain" in the above.

Issue History

Date Modified Username Field Change
2022-11-14 15:53 PDStig New Issue
2022-11-14 15:54 PDStig Note Added: 0007643
2022-11-14 15:57 PDStig Severity Feature or Request => Trivial Bug
2022-11-16 21:09 Chris Graham Assigned To => Chris Graham
2022-11-16 21:09 Chris Graham Status Not Assigned => Resolved
2022-11-16 21:09 Chris Graham Resolution open => fixed
2023-02-26 18:29 Chris Graham Category General => General / Uncategorised