
[Bug]: Mark all as read on category page not working

Open cdtl22 opened this issue 1 month ago • 9 comments

Bug Summary

Not able to mark all as read when on a specific category page

Description

When I go to Categories page and select a category and "Mark all as read", nothing happens

Steps to Reproduce

  1. Go to Categories page
  2. select a category
  3. press "mark all as read"

Expected Behavior

should mark all as read

Actual Behavior

nothing happens

Version

2.2.12

Browser

Chrome

Relevant Logs or Error Output


Additional Context

I'm using the docker image for miniflux/miniflux:2.2.12

Checklist

  • [x] I have searched existing issues to ensure this bug hasn't been reported before.

cdtl22 avatar Nov 21 '25 20:11 cdtl22

same to me 😢

gkeyes avatar Nov 23 '25 14:11 gkeyes

What kind of "nothing" happens?

I've got self-hosted miniflux 2.2.14 + FF 145.0.1 (64-bit windows) and when I click mark all as read miniflux redirects me back to the Categories page.

Do you see any warnings/errors in the developer console while the "nothing" is happening? Does the "Are you sure" show up? Does the "nothing" happen after you click "Yes"? Does the browser navigate somewhere?

Maybe the "nothing" is happening because you have javascript disabled?

guest20 avatar Nov 28 '25 14:11 guest20

Please share the browser console logs (or any other relevant debugging information) so I can understand what's going on. It's difficult to diagnose the issue without technical details. Also, please make sure you're running the latest stable version of Miniflux.

fguillot avatar Nov 28 '25 22:11 fguillot

I've got a similar problem. The Mark as read button doesn't work anywhere.

https://github.com/user-attachments/assets/b07fb132-a4db-4d55-bd37-06c17256f515

ananthb avatar Dec 04 '25 19:12 ananthb

Console logs:

Content-Security-Policy warnings 2
Loading failed for the <script> with source “https://miniflux.kedi.dev/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js”. unread:1780:134
Loading failed for the <script> with source “https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015”. unread:1780:1556
Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://miniflux.kedi.dev/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js from being executed because it violates the following directive: “script-src 'nonce-6b6100b890a4a21d3d0ccbe3eca0d1b7' 'strict-dynamic'” unread
Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'nonce-6b6100b890a4a21d3d0ccbe3eca0d1b7' 'strict-dynamic'”. Consider using a hash ('sha256-JWOqVrzEvyvJiR+BRnibXvjiVQm4roGQqFrAaNsX59Q=') or a nonce. unread:1780:151
Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 from being executed because it violates the following directive: “script-src 'nonce-6b6100b890a4a21d3d0ccbe3eca0d1b7' 'strict-dynamic'” unread
Content-Security-Policy: The page’s settings blocked an inline style (style-src-elem) from being applied because it violates the following directive: “style-src 'nonce-6b6100b890a4a21d3d0ccbe3eca0d1b7'”. Consider using a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=', requires 'unsafe-hashes' for style attributes) or a nonce. autoconsent.js:635:14
Content-Security-Policy: The page’s settings blocked an inline style (style-src-elem) from being applied because it violates the following directive: “style-src 'nonce-6b6100b890a4a21d3d0ccbe3eca0d1b7'”. Consider using a hash ('sha256-qNjq/jG03FeMedl7UXoOSC6rFbQWes61G/smYlDfGnY=', requires 'unsafe-hashes' for style attributes) or a nonce. autoconsent.js:646:7
Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content. node.js:409:1
Content-Security-Policy: The page’s settings blocked a style (style-src-elem) at https://miniflux.kedi.dev/stylesheets/system_serif.13dd04f939dfc51c588c3dcd309f8e71.css from being applied because it violates the following directive: “style-src 'nonce-6b6100b890a4a21d3d0ccbe3eca0d1b7'” 7 NetUtil.sys.mjs:144:15
Content-Security-Policy: The page’s settings blocked an inline style (style-src-elem) from being applied because it violates the following directive: “style-src 'nonce-6b6100b890a4a21d3d0ccbe3eca0d1b7'”. Consider using a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=', requires 'unsafe-hashes' for style attributes) or a nonce. autoconsent.js:635:14

Let me know if you need anything else.

ananthb avatar Dec 04 '25 19:12 ananthb

@ananthb This issue is about the mark all as read button, but you seem to be talking about the mark as read button.

You have two sketchy looking things in your log though: cloudflare and autoconsent.js. Did you recently enable either of those things?

There was a CSP change in 2.2.14. Maybe the new CSP miniflux sends might be upsetting the JS cloudflare injects?

guest20 avatar Dec 04 '25 23:12 guest20

Miniflux has never been compatible with Cloudflare's JavaScript optimizations (such as Rocket Loader). For security reasons, Miniflux uses a strict Content Security Policy that blocks any third-party script injection or execution. This has been the case since the project's inception.

fguillot avatar Dec 05 '25 00:12 fguillot
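The console output posted earlier in this thread can be triaged mechanically to see who injected the blocked resources. The following is an added example, not part of the thread or of Miniflux's code; the host `reader.example.test`, the nonce placeholder and the function names are assumptions, and the sample lines are constructed in the Firefox message format shown above.

```javascript
// Constructed sample lines in the Firefox console format quoted in this thread.
const ORIGIN = "https://reader.example.test";
const POLICY = "script-src 'nonce-PLACEHOLDER' 'strict-dynamic'";
const TAIL = "because it violates the following directive:";
const SAMPLE = [
  `Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at ${ORIGIN}/cdn-cgi/scripts/x/cloudflare-static/rocket-loader.min.js from being executed ${TAIL} “${POLICY}” unread`,
  `Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed ${TAIL} “${POLICY}”. Consider using a hash or a nonce. unread:1780:151`,
  `Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://static.cloudflareinsights.com/beacon.min.js/x from being executed ${TAIL} “${POLICY}” unread`,
  `Content-Security-Policy: The page’s settings blocked a style (style-src-elem) at ${ORIGIN}/stylesheets/system_serif.css from being applied ${TAIL} “style-src 'nonce-PLACEHOLDER'” 7`,
  "Layout was forced before the page was fully loaded.",
];

const CSP_RE = /blocked an? (inline )?(script|style) \(([\w-]+)\)(?: at (\S+))? from being (?:executed|applied) because it violates the following directive: “([^”]+)”/;

// Turn one console line into a structured violation, or null if it is not one.
function parseViolation(line) {
  const m = CSP_RE.exec(line);
  if (!m) return null;
  const [, inline, kind, effective, url, policy] = m;
  // With 'strict-dynamic', host allowlists in script-src are ignored, so
  // adding the injector's hostname to the policy would not unblock it.
  const strictDynamic = policy.includes("'strict-dynamic'");
  return { kind, inline: Boolean(inline), effective, url: url || null, policy, strictDynamic };
}

// Attribute the blocked resource relative to the page's own origin.
function classify(v, pageOrigin) {
  if (v.inline) return "inline-no-nonce";
  const u = new URL(v.url);
  if (u.origin !== pageOrigin) return "third-party";
  // /cdn-cgi/ is the path prefix Cloudflare reserves on sites it proxies.
  return u.pathname.startsWith("/cdn-cgi/") ? "proxy-injected" : "first-party";
}

// Count violations per "<kind>:<category>" so the injector stands out.
function triage(lines, pageOrigin) {
  const counts = {};
  for (const line of lines) {
    const v = parseViolation(line);
    if (!v) continue; // unrelated console noise
    const key = `${v.kind}:${classify(v, pageOrigin)}`;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

console.log(triage(SAMPLE, ORIGIN));
```

A `proxy-injected` or `third-party` script entry points at something between the server and the browser rewriting the page, which is removed at that layer rather than by loosening the policy.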

@guest20 Mark all as read does not work either. I'm unable to mark anything as read.

I'll try disabling cloudflare's js rewriting and give it a shot.

ananthb avatar Dec 05 '25 06:12 ananthb

Yep, it was rocket loader. Disabling it worked.

ananthb avatar Dec 05 '25 13:12 ananthb

@fguillot thank you, disabling rocket loader works for me too. @cdtl22 we can close this?

casprwang avatar Dec 12 '25 04:12 casprwang

I'm not sure what's changed but it's working for me now. thanks everyone for looking into it 🙏

cdtl22 avatar Dec 12 '25 05:12 cdtl22