pimcore icon indicating copy to clipboard operation
pimcore copied to clipboard

Published 20 hours ago verified publisher icon pimcore

[Bug] Icon Library Problems

Open fashxp opened this issue 1 year ago • 4 comments

Pimcore version

2024.2

Steps to reproduce

open icon library

Actual Behavior

  • [ ] JS errors when opening image

  • [ ] click on icons with green border has no effect image

  • [ ] click on icon does not copy path to clipboard

Expected Behavior

no errors...

fashxp avatar Jul 24 '24 13:07 fashxp

Update: Hiding this misleading comment, in the demo it worked because another bundle added jquery to csp allowed list

mhh, weird, all the listed problems are originated by jQuery being somehow blocked by buttons.github.io/buttons.js.

So it is only broken on debug mode as per https://github.com/pimcore/admin-ui-classic-bundle/blob/fa2d03aaeb4787e1813f71f6a7ec58b28cd820cb/templates/admin/login/layout.html.twig#L45-L50

On demo seems working fine image (by opening icon library when editing a data object class) and even locally on dev mode

kingjia90 avatar Jul 25 '24 07:07 kingjia90

But the mentioned github button is appearing only on login page, not sure how it can be reproduced, looks like it is logging out/expiring session somehow on some icon and it's in-lining the login page content instead of the image or things like that.

I see a i am content script in the console log, is it part of some front end tests?

kingjia90 avatar Jul 25 '24 07:07 kingjia90

Hmm problem appreared in fresh installation of skeleton in prod env

fashxp avatar Jul 25 '24 11:07 fashxp

The error output regarding GitHub buttons JavaScript is misleading - it's just the CSP header's value.

I think the reason for this error is that the icon-list template includes the jQuery lib from external source, but the URL is not listed in CSP allow list:

<script
    src="https://code.jquery.com/jquery-3.7.1.min.js"
    integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo="
    crossorigin="anonymous"></script>

https://github.com/pimcore/admin-ui-classic-bundle/blob/v1.5.1/templates/admin/misc/icon_list.html.twig#L127

        self::SCRIPT_OPT => [
            'https://buttons.github.io/buttons.js', // GitHub star button on login page
        ],

https://github.com/pimcore/admin-ui-classic-bundle/blob/v1.5.1/src/Security/ContentSecurityPolicyHandler.php#L57

So a quick fix could be to include the jQuery CDN as well in the CSP.

podarcis avatar Jul 26 '24 07:07 podarcis

Fixed by https://github.com/pimcore/admin-ui-classic-bundle/pull/749

Thank you @podarcis for suggesting the right fix

kingjia90 avatar Nov 15 '24 11:11 kingjia90