- From: Chris Lilley <chris@w3.org>
- Date: Mon, 12 Mar 2018 15:36:49 -0400
- To: "www-style@w3.org" <www-style@w3.org>
- Message-ID: <a95f0540-8a6b-1ea5-f167-630498ea599e@w3.org>
Hi folks,
I'm seeing a new error on drafts.csswg.org today, for documents that
worked fine last week:
Content Security Policy: This site (https://drafts.csswg.org) has a
Report-Only policy without a report URI. CSP will not block and cannot
report violations of this policy.
Followed by lots of console log errors about scripts not loading
Content Security Policy: The page’s settings observed the loading of a
resource at self (“script-src”). A CSP report is being sent. Source: try
{ (function injectPageScriptAPI(scr.... issues:1
<https://drafts.csswg.org/issues?spec=css-fonts-3&doc=cr-2017>
Content Security Policy: The page’s settings observed the loading of a
resource at https://dev.mavo.io/dist/mavo.css (“style-src”). A CSP
report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at https://dev.mavo.io/dist/mavo.js (“script-src”). A CSP
report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at self (“script-src”). A CSP report is being sent. Source: try
{ var AG_onLoad=function(func){if(d.... issues:1
<https://drafts.csswg.org/issues?spec=css-fonts-3&doc=cr-2017>
local mavo.js:7 <https://dev.mavo.io/dist/maps/mavo.js>
Content Security Policy: The page’s settings observed the loading of a
resource at https://plugins.mavo.io/yaml/mavo-yaml.js (“script-src”). A
CSP report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at https://plugins.mavo.io/markdown/mavo-markdown.js
(“script-src”). A CSP report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at
https://cdnjs.cloudflare.com/ajax/libs/showdown/1.8.2/showdown.min.js
(“script-src”). A CSP report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at
https://cdnjs.cloudflare.com/ajax/libs/dompurify/1.0.2/purify.min.js
(“script-src”). A CSP report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at data:image/svg+xml,%3Csvg%20xmlns%3D%22h... (“default-src”).
A CSP report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at self (“script-src”). A CSP report is being sent. Source:
call to eval() or related function blocked by CSP. mavoscript.js:382
<https://dev.mavo.io/dist/maps/mavoscript.js>
Content Security Policy: The page’s settings observed the loading of a
resource at
https://api.github.com/repos/w3c/csswg-drafts/contents/css-fonts-3/issues-cr-2017.yaml?timestamp=1520883169754
(“default-src”). A CSP report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at
https://api.github.com/repos/w3c/csswg-drafts/contents/css-fonts-3/issues-cr-2017.yaml?timestamp=1520883169758
(“default-src”). A CSP report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at https://api.github.com/user?timestamp=1520883169762
(“default-src”). A CSP report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at https://avatars1.githubusercontent.com/u/2506926?v=4
(“default-src”). A CSP report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at
https://api.github.com/repos/w3c/csswg-drafts?timestamp=1520883170884
(“default-src”). A CSP report is being sent.
Content Security Policy: The page’s settings observed the loading of a
resource at
https://cdnjs.cloudflare.com/ajax/libs/js-yaml/3.8.3/js-yaml.min.js
(“script-src”). A CSP report is being sent.
--
Chris Lilley
@svgeesus
Technical Director @ W3C
W3C Strategy Team, Core Web Design
W3C Architecture & Technology Team, Core Web & Media
Received on Monday, 12 March 2018 19:36:53 UTC