A user cannot login due to CSP issue

Since a while a user is not able to log to the forum.
He has a CSP issue:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src https://boulette.advantaged.net/logs/ https://boulette.advantaged.net/sidekiq/ https://boulette.advantaged.net/mini-profiler-resources/ https://boulette.advantaged.net/assets/ https://boulette.advantaged.net/brotli_asset/ https://boulette.advantaged.net/extra-locales/ https://boulette.advantaged.net/highlight-js/ https://boulette.advantaged.net/javascripts/ https://boulette.advantaged.net/plugins/ https://boulette.advantaged.net/theme-javascripts/ https://boulette.advantaged.net/svg-sprite/ 'sha256-8uakdak4qxxceyzl0wxad2nnj2tgkya14hybh66pnn0='". Either the 'unsafe-inline' keyword, a hash ('sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='), or a nonce ('nonce-...') is required to enable inline execution.

deprecate-shim.js:33 DEPRECATION: Function prototype extensions have been deprecated, please migrate from function(){}.property('bar') to computed('bar', function() {}). [deprecation id: function-prototype-extensions.property] See https://deprecations.emberjs.com/v3.x#toc_function-prototype-extensions-property for more details.
(anonymous) @ deprecate-shim.js:33

To be acurate I never configure any CSP and let it configured by default:

Can anyone help me on this?
Thanks in advance

Did that happen to just a single user?

Only one who contact us about it.

This feels like a problem with the specific user’s browser.

The script in question (with hash sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=) is already present in the CSP.

When I visit the site I don’t see any CSP errors.


Ok, Thanks for your help! :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.