-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
Initially debugged under OTHER-433.
If the user has set the preference "Use beta site", which is tracked as a cookie "beta", then logging into another website (such as MetaBrainz Weblate) through MusicBrainz OAuth fails because it violates the following Content Security Policy directive: "form-action 'self' musicbrainz.org".
There might be more issues underneath as a warning is also triggered even without "Use beta site".
Attempts:
| Login | Browser | Date | Weblate | Account | Beta redirect | Notes |
|---|---|---|---|---|---|---|
| Yes | Firefox 132/Linux (Desktop) | 12 nov | 5.8.2 | yvanzoo | No | [1] |
| Yes | Chrome 121/Linux (Desktop) | 12 nov | 5.8.2 | yvanzoo | No | |
| No | Chrome 121/Linux (Desktop) | 12 nov | 5.8.2 | yvanzoo | Yes | [2] |
Notes:
- Console messages:
Content-Security-Policy: The page's settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: "script-src 'self'" 2 prepareInjection.js:1:1063 [Never-Consent] registerCookie cookieconsent_status=deny nc.js:6:15 [Never-Consent] registerCookie notice_preferences=0: nc.js:6:15 [Never-Consent] registerCookie cabinet_bedin_cookies=xxx=: nc.js:6:15 [Never-Consent] registerCookie notice_gdpr_prefs=0: nc.js:6:15 - Console messages:
Refused to send form data to 'https://translations.metabrainz.org/accounts/login/musicbrainz/' because it violates the following Content Security Policy directive: "form-action 'self' musicbrainz.org".
- is related to
-
-
- Closed
-
OAuth2 violates content security policy when beta site preference is set
-
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
Initially debugged under OTHER-433.
If the user has set the preference "Use beta site", which is tracked as a cookie "beta", then logging into another website (such as MetaBrainz Weblate) through MusicBrainz OAuth fails because it violates the following Content Security Policy directive: "form-action 'self' musicbrainz.org".
There might be more issues underneath as a warning is also triggered even without "Use beta site".
Attempts:
| Login | Browser | Date | Weblate | Account | Beta redirect | Notes |
|---|---|---|---|---|---|---|
| Yes | Firefox 132/Linux (Desktop) | 12 nov | 5.8.2 | yvanzoo | No | [1] |
| Yes | Chrome 121/Linux (Desktop) | 12 nov | 5.8.2 | yvanzoo | No | |
| No | Chrome 121/Linux (Desktop) | 12 nov | 5.8.2 | yvanzoo | Yes | [2] |
Notes:
- Console messages:
Content-Security-Policy: The page's settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: "script-src 'self'" 2 prepareInjection.js:1:1063 [Never-Consent] registerCookie cookieconsent_status=deny nc.js:6:15 [Never-Consent] registerCookie notice_preferences=0: nc.js:6:15 [Never-Consent] registerCookie cabinet_bedin_cookies=xxx=: nc.js:6:15 [Never-Consent] registerCookie notice_gdpr_prefs=0: nc.js:6:15 - Console messages:
Refused to send form data to 'https://translations.metabrainz.org/accounts/login/musicbrainz/' because it violates the following Content Security Policy directive: "form-action 'self' musicbrainz.org".
- is related to
-
-
- Closed
-
-
Unassigned
-
yvanzo
- Votes:
-
0 Vote for this issue
- Watchers:
-
1 Start watching this issue
- Created:
- Updated:
| Version | Package |
|---|