Uploaded image for project: 'OpenShift Console'
  1. OpenShift Console
  2. CONSOLE-4266

Address CSP inline script tag error in Console

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • None
    • None
    • None
    • HAC Infra OCP - Sprint 262

      Console HTML index template contains an inline script tag used to set up SERVER_FLAGS and visual theme config.

      This inline script tag triggers a CSP violation at Console runtime (see attachment for details).

      The proper way to address this error is to allow this script tag - either generate a SHA hash representing its contents or generate a cryptographically secure random token for the script.

      AC:

      • There is no CSP violation reported for inline script tag.

              vszocs@redhat.com Vojtech Szocs
              jhadvig@redhat.com Jakub Hadvig
              YaDan Pei YaDan Pei
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: