Uploaded image for project: 'Moodle app'
  1. Moodle app
  2. MOBILE-3863

Make CSP less strict to match behaviour in native devices

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • 4.0.0
    • 3.9.5
    • Security
    • Hide

      This issue needs to be tested in the webapp.

      1. Login in master site.
      2. Go to MM Dev Testing > H5P > H5P with MathJax.
      3. Check that the H5P displays the YouTube video and the MathJax (before this patch, the YouTube video wasn't seen and you could see the original TeX notation).
      Show
      This issue needs to be tested in the webapp . Login in master site. Go to MM Dev Testing > H5P > H5P with MathJax. Check that the H5P displays the YouTube video and the MathJax (before this patch, the YouTube video wasn't seen and you could see the original TeX notation).
    • MOODLE_39_STABLE
    • MOODLE_400_STABLE
    • Moodle App 4.0

    Description

      We have the following setting in config.xml:

      <access origin="*" />

      It seems this setting overrides the CSP because the app allows loading styles and scripts from any source. However, in the webapp the CSP is applied and it blocks some requests (e.g. MathJax in H5P). We should make the CSP less strict to match the behaviour in native devices..

      Attachments

        Activity

          People

            dpalou Dani Palou
            dpalou Dani Palou
            Pau Ferrer Pau Ferrer
            Pau Ferrer Pau Ferrer
            Juan Leyva Juan Leyva
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Clockify

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.