Uploaded image for project: 'Moodle app'
  1. Moodle app
  2. MOBILE-3863

Make CSP less strict to match behaviour in native devices

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Waiting for testing
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.9.5
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
    • Testing Instructions:
      Hide

      This issue needs to be tested in the webapp.

      1. Login in master site.
      2. Go to MM Dev Testing > H5P > H5P with MathJax.
      3. Check that the H5P displays the YouTube video and the MathJax (before this patch, the YouTube video wasn't seen and you could see the original TeX notation).
      Show
      This issue needs to be tested in the webapp . Login in master site. Go to MM Dev Testing > H5P > H5P with MathJax. Check that the H5P displays the YouTube video and the MathJax (before this patch, the YouTube video wasn't seen and you could see the original TeX notation).
    • Affected Branches:
      MOODLE_39_STABLE
    • Pull Master Branch:
    • Sprint:
      Moodle App 4.0

      Description

      We have the following setting in config.xml:

      <access origin="*" />

      It seems this setting overrides the CSP because the app allows loading styles and scripts from any source. However, in the webapp the CSP is applied and it blocks some requests (e.g. MathJax in H5P). We should make the CSP less strict to match the behaviour in native devices..

        Attachments

          Activity

            People

            Assignee:
            dpalou Dani Palou
            Reporter:
            dpalou Dani Palou
            Peer reviewer:
            Pau Ferrer Pau Ferrer
            Integrator:
            Pau Ferrer Pau Ferrer
            Tester:
            Isabel Renedo Rouco Isabel Renedo Rouco
            Participants:
            Component watchers:
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: