Univention Bugzilla – Bug 49912
connect-src and frame-ancestors CSP are broken on slave
Last modified: 2023-01-18 13:21:12 CET
I got the following errors on a school slave (in the browser console):

'''
(index):1 The source list for Content Security Policy directive 'connect-src' contains an invalid source: 'https:///'. It will be ignored.
(index):1 The source list for Content Security Policy directive 'connect-src' contains an invalid source: 'http:///'. It will be ignored.
(index):1 The source list for Content Security Policy directive 'frame-ancestors' contains an invalid source: 'https:///'. It will be ignored.
(index):1 The source list for Content Security Policy directive 'frame-ancestors' contains an invalid source: 'http:///'. It will be ignored.
'''

I guess the UCR variable "ucs/server/sso/fqdn" was set after "/etc/apache2/sites-available/univention.conf" was created.

On a side note, I changed connect-src and frame-ancestors to include only 'self', with SAML (including our passive iframe login) still working. Is ucs-sso even needed in these CSP?
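
Added example (not part of the original report and not Univention code): a check that parses a Content-Security-Policy header value and lists the sources a browser would ignore, such as the empty-host 'https:///' from the console output above. The two header strings and the host name ucs-sso.example.test are constructed sample values.

```python
import re

# Directives besides "*-src" whose value is a CSP source list.
SOURCE_LIST_EXTRA = {"frame-ancestors", "form-action", "base-uri"}
SCHEME_SOURCE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:$")
HOST_SOURCE = re.compile(
    r"^(?:[A-Za-z][A-Za-z0-9+.-]*://)?"                   # optional scheme
    r"(?:\*|(?:\*\.)?[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)"  # host, must be non-empty
    r"(?::(?:\d+|\*))?"                                   # optional port
    r"(?:/[^\s;,]*)?$"                                    # optional path
)

# Constructed sample headers (not copied from univention.conf).
BROKEN = ("default-src 'self'; connect-src 'self' https:/// http:///; "
          "frame-ancestors 'self' https:/// http:///;")
FIXED = ("default-src 'self'; connect-src 'self' https://ucs-sso.example.test/; "
         "frame-ancestors 'self' https://ucs-sso.example.test/;")


def parse_csp(header_value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; keep the first.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def takes_source_list(directive):
    return (directive.endswith(("-src", "-src-elem", "-src-attr"))
            or directive in SOURCE_LIST_EXTRA)


def invalid_sources(header_value):
    """Return (directive, source) pairs that are not valid source expressions."""
    findings = []
    for directive, sources in parse_csp(header_value).items():
        if not takes_source_list(directive):
            continue  # e.g. report-uri, sandbox: not a source list
        for src in sources:
            if src.startswith("'") and src.endswith("'"):
                continue  # quoted keyword, nonce or hash source
            if not (SCHEME_SOURCE.match(src) or HOST_SOURCE.match(src)):
                findings.append((directive, src))
    return findings


if __name__ == "__main__":
    for directive, src in invalid_sources(BROKEN):
        print(f"{directive}: invalid source {src!r}")
```

Running it against the header actually served by the host (for example the value shown in the browser's network tab) shows whether the template was rendered with an empty host name.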