Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
lemonldap-ng
lemonldap-ng
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 244
    • Issues 244
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 2
    • Merge Requests 2
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • LemonLDAP NG
  • lemonldap-nglemonldap-ng
  • Issues
  • #1532

Closed
Open
Opened Oct 29, 2018 by Christophe Maudoux@maudoux🐛Maintainer

The source list for CSP directive 'form-action' contains an invalid source

Concerned version

Version: 2.0

Platform: Apache2

Summary

The source list for Content Security Policy directive 'form-action' contains an invalid source: '/?cancel=1'. It will be ignored.

Log


[debug] Display type logo for module Twitter
[debug] Authentication choice  Twitter will be displayed
[debug] Displaying authentication choice 5_Facebook
[debug] Use URL /?cancel=1
[debug] Display type logo for module Facebook
[debug] Authentication choice  Facebook will be displayed
[debug] Displaying authentication choice 6_SAML
[debug] Use URL /?cancel=1
[debug] Display type logo for module SAML
[debug] Authentication choice  SAML will be displayed
[debug] Displaying authentication choice 7_OpenID_Connect
[debug] Use URL /?cancel=1
[debug] Display type logo for module OpenIDConnect
[debug] Authentication choice  OpenID Connect will be displayed
[debug] Displaying authentication choice 8_CAS
[debug] Use URL /?cancel=1
[debug] Display type logo for module CAS
[debug] Authentication choice  CAS will be displayed
[debug] Skin returned: login
[debug] Calling sendHtml with template login
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Set CSP form-action with request URL:  /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action 'self' *  /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1;frame-ancestors 'none';

Capture_d_écran_2018-10-29_21-40-00

Edited Oct 29, 2018 by Christophe Maudoux
Assignee
Assign to
2.0.0
Milestone
2.0.0 (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: lemonldap-ng/lemonldap-ng#1532