Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-1991

Warning for console plugin on 4.18 OCP

XMLWordPrintable

    • False
    • None
    • False
    • NetObserv - Sprint 264, NetObserv - Sprint 265
    • Important

      Description of problem:

      OCP console shows warning for netobserv console plugin that it violates content security policy

      Steps to Reproduce:

      1. Deploy OCP for 4.18 (noticed on: 4.18.0-0.nightly-2024-11-27-012716)
2. Install netobserv from upstream with v0.0.0-main tag
3. Create a flowcollector
3. Logon to OCP console; below warning could be seen in dev console.

      Actual results:

      [Report Only] Refused to create a worker from 'blob:https://console-openshift-console.apps.memodi-11250849.qe.devcluster.openshift.com/9c91775c-6e98-42e3-8d40-5397f6dc5e76' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-S-JJv0sAiPeXRv_Wqdr10KfNkGXuFNXo'". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

ZU @ index.js:143605

      Expected results:

      Warning should not appear

      https://redhat-internal.slack.com/archives/C02939DP5L5/p1732552051436789 

       

      See also: https://github.com/openshift/console/blob/master/frontend/packages/console-dynamic-plugin-sdk/README.md#content-security-policy

        1. image-2025-01-16-10-15-19-505.png
          244 kB
          Mehul Modi

              jpinsonn@redhat.com Julien Pinsonneau
              rhn-support-memodi Mehul Modi
              Amogh Rameshappa Devapura Amogh Rameshappa Devapura
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: