New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fancybox CSP violations (script-src violation, blocked inline) #520

Closed

dougwaldron opened this issue May 9, 2022 · 1 comment · Fixed by #521

Assignees

Member

dougwaldron commented May 9, 2022 •

edited

Loading

Raygun report https://app.raygun.com/crashreporting/258s6a2/errors/126487768971 has more details about the error

This issue is a subset of #527

dougwaldron changed the title ~~script-src violation, blocked inline~~ Fancybox CSP violations (script-src violation, blocked inline)

dougwaldron self-assigned this

Member Author

dougwaldron commented May 9, 2022

The Raygun report combines multiple different CSP violations. This issue is for the Fancybox violations:

Fancybox adds a style element that requires allowing its hash. (NOTE: The style element and hence the hash both depend on the browser's scrollbar width, which is 17px for Chrome, Edge, and Firefox on Windows, but may be different for other browser/OS combinations.)
The "thumbs" option uses both inline styles and inline JavaScript.

dougwaldron mentioned this issue

Fix recent CSP violations #521

Merged

dougwaldron closed this as completed in

ae05f4c

dougwaldron closed this as completed in #521

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment