
Content Security Policy issue with Symfony Profiler

Open karelVanGeerdeghom opened this issue 4 years ago • 2 comments

Akeneo CE 4.0.78

When I set:

APP_ENV=dev
APP_DEBUG=1

I get the following error in Chrome Version 87.0.4280.88 (Official Build) (x86_64)

Refused to connect to 'http://<domain>/_wdt/c72228' because it violates the following Content Security Policy directive: "default-src 'self' *.akeneo.com 'unsafe-inline'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

and in FF 84.0 (64-bit)

Content Security Policy: The page’s settings blocked the loading of a resource at http://<domain>/_wdt/42b4ca (“default-src”).

In other words: I can't access the Symfony profiler for debugging purposes.

How can I fix this?

karelVanGeerdeghom avatar Dec 16 '20 16:12 karelVanGeerdeghom
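The fallback that the Chrome message describes can be reproduced offline. This is an added example, not part of the original thread or of Akeneo's code: a simplified CSP evaluator that reports which directive governs a request and whether the source list admits it. The host `pim.example.test` and both page origins are constructed; the policy string is the one quoted in the error.

```javascript
// Simplified CSP check (added example): fetch-directive fallback plus source matching.
// Not a full CSP Level 3 matcher: paths, nonces/hashes and http->https upgrades are ignored.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };
const portOf = (u) => u.port || DEFAULT_PORTS[u.protocol] || '';

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function matchesSource(source, request, page) {
  if (source === "'self'") return request.origin === page.origin; // scheme + host + port
  if (source.startsWith("'")) return false; // 'unsafe-inline', 'none', ... never match a URL
  if (source === '*') return /^https?:$/.test(request.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return request.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/]+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // A scheme-less host source is matched against the page's own scheme here.
  const wantScheme = scheme ? scheme.toLowerCase() + ':' : page.protocol;
  if (request.protocol !== wantScheme) return false;
  const h = request.hostname.toLowerCase(), want = host.toLowerCase();
  if (wildcard ? !h.endsWith('.' + want) : h !== want) return false;
  return port === '*' || portOf(request) === (port || DEFAULT_PORTS[wantScheme] || '');
}

function evaluate(policy, directive, pageUrl, requestUrl) {
  const directives = parsePolicy(policy);
  const page = new URL(pageUrl), request = new URL(requestUrl, pageUrl);
  // connect-src, img-src, etc. fall back to default-src when not set explicitly.
  const governedBy = directives.has(directive) ? directive
    : directives.has('default-src') ? 'default-src' : null;
  if (!governedBy) return { governedBy, allowed: true };
  const allowed = directives.get(governedBy).some((s) => matchesSource(s, request, page));
  return { governedBy, allowed };
}

// Policy string from the browser error above; the origins are constructed.
const POLICY = "default-src 'self' *.akeneo.com 'unsafe-inline'";
const WDT = 'http://pim.example.test/_wdt/c72228';
console.log(evaluate(POLICY, 'connect-src', 'https://pim.example.test/', WDT));
console.log(evaluate(POLICY, 'connect-src', 'http://pim.example.test/', WDT));
```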

We are facing the same issue while loading images from an external resource in description fields. How can we solve this?

wucherpfennig avatar Apr 09 '21 21:04 wucherpfennig

We had the same issue that @wucherpfennig has mentioned. I've found a solution for this by including an additional content security policy. I went over this at https://github.com/akeneo/pim-community-dev/issues/14028#issuecomment-2004034691

Username070 avatar Mar 18 '24 14:03 Username070