314707 – Too rigid Content Security Policy?

Bug 314707 - Too rigid Content Security Policy?

Summary: Too rigid Content Security Policy?

Status:	RESOLVED DUPLICATE of bug 310230

Alias:	None

Product:	kwebkitpart
Classification:	Frameworks and Libraries
Component:	general (show other bugs)
Version:	unspecified
Platform:	Ubuntu Linux

Importance:	NOR major
Target Milestone:	---
Assignee:	webkit-devel

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-02-08 20:09 UTC by Thomas Tanghus
Modified:	2013-02-10 04:57 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Screen shot of browser and web inspector (255.09 KB, image/png) 2013-02-08 20:17 UTC, Thomas Tanghus	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Tanghus 2013-02-08 20:09:52 UTC

For the upcoming ownCloud 5 CSP headers are sent to block inline scripts from executing[1], but for some reason this prevents rekonq from loading *any* external scripts and style.
At first I thought it was only rekonq, but the same goes for Konqueror when using WebKit.

It works as supposed in Firefox and Chromium.

[1] https://github.com/owncloud/core/blob/master/lib/template.php#L195


Reproducible: Always

Steps to Reproduce:
1. Install ownCloud master from git https://github.com/owncloud/core
2. Notice no scripts or stylesheets are loaded.

Actual Results:  
ownCloud is unusable because no script or styles are loaded.

Expected Results:  
The CSP should only apply for inline scripts.

KDE 4.10 on Kubuntu 12.10
Apache 2

Comment 1 Thomas Tanghus 2013-02-08 20:17:22 UTC

Created attachment 77031 [details]
Screen shot of browser and web inspector

Comment 2 Thomas Tanghus 2013-02-08 20:29:01 UTC

The package for kpart-webkit says 1.3~git20120518.9a111005-2 so this could be a packaging issue?

Comment 3 Dawit Alemayehu 2013-02-10 04:57:19 UTC


*** This bug has been marked as a duplicate of bug 310230 ***