Bug 314707

Summary: Too rigid Content Security Policy?
Product: [Frameworks and Libraries] kwebkitpart Reporter: Thomas Tanghus <thomas>
Component: generalAssignee: webkit-devel
Status: RESOLVED DUPLICATE    
Severity: major CC: adawit
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Attachments: Screen shot of browser and web inspector

Description Thomas Tanghus 2013-02-08 20:09:52 UTC 
For the upcoming ownCloud 5 CSP headers are sent to block inline scripts from executing[1], but for some reason this prevents rekonq from loading *any* external scripts and style.
At first I thought it was only rekonq, but the same goes for Konqueror when using WebKit.

It works as supposed in Firefox and Chromium.

[1] https://github.com/owncloud/core/blob/master/lib/template.php#L195


Reproducible: Always

Steps to Reproduce:
1. Install ownCloud master from git https://github.com/owncloud/core
2. Notice no scripts or stylesheets are loaded.

Actual Results:  
ownCloud is unusable because no script or styles are loaded.

Expected Results:  
The CSP should only apply for inline scripts.

KDE 4.10 on Kubuntu 12.10
Apache 2
Comment 1 Thomas Tanghus 2013-02-08 20:17:22 UTC 
Created attachment 77031 [details]
Screen shot of browser and web inspector
Comment 2 Thomas Tanghus 2013-02-08 20:29:01 UTC 
The package for kpart-webkit says 1.3~git20120518.9a111005-2 so this could be a packaging issue?
Comment 3 Dawit Alemayehu 2013-02-10 04:57:19 UTC 

*** This bug has been marked as a duplicate of bug 310230 ***