The source list for CSP directive 'form-action' contains an invalid source (#1532) · Issues · LemonLDAP NG / lemonldap-ng

The source list for CSP directive 'form-action' contains an invalid source

Concerned version

Version: 2.0

Platform: Apache2

Summary

The source list for Content Security Policy directive 'form-action' contains an invalid source: '/?cancel=1'. It will be ignored.

Log


[debug] Display type logo for module Twitter
[debug] Authentication choice  Twitter will be displayed
[debug] Displaying authentication choice 5_Facebook
[debug] Use URL /?cancel=1
[debug] Display type logo for module Facebook
[debug] Authentication choice  Facebook will be displayed
[debug] Displaying authentication choice 6_SAML
[debug] Use URL /?cancel=1
[debug] Display type logo for module SAML
[debug] Authentication choice  SAML will be displayed
[debug] Displaying authentication choice 7_OpenID_Connect
[debug] Use URL /?cancel=1
[debug] Display type logo for module OpenIDConnect
[debug] Authentication choice  OpenID Connect will be displayed
[debug] Displaying authentication choice 8_CAS
[debug] Use URL /?cancel=1
[debug] Display type logo for module CAS
[debug] Authentication choice  CAS will be displayed
[debug] Skin returned: login
[debug] Calling sendHtml with template login
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Set CSP form-action with request URL:  /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action 'self' *  /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1;frame-ancestors 'none';

### Concerned version

Version: 2.0

Platform: Apache2

### Summary
The source list for Content Security Policy directive 'form-action' contains an invalid source: '/?cancel=1'. It will be ignored.

### Log
```

[debug] Display type logo for module Twitter
[debug] Authentication choice  Twitter will be displayed
[debug] Displaying authentication choice 5_Facebook
[debug] Use URL /?cancel=1
[debug] Display type logo for module Facebook
[debug] Authentication choice  Facebook will be displayed
[debug] Displaying authentication choice 6_SAML
[debug] Use URL /?cancel=1
[debug] Display type logo for module SAML
[debug] Authentication choice  SAML will be displayed
[debug] Displaying authentication choice 7_OpenID_Connect
[debug] Use URL /?cancel=1
[debug] Display type logo for module OpenIDConnect
[debug] Authentication choice  OpenID Connect will be displayed
[debug] Displaying authentication choice 8_CAS
[debug] Use URL /?cancel=1
[debug] Display type logo for module CAS
[debug] Authentication choice  CAS will be displayed
[debug] Skin returned: login
[debug] Calling sendHtml with template login
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Set CSP form-action with request URL:  /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action 'self' *  /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1;frame-ancestors 'none';

```

![Capture_d_écran_2018-10-29_21-40-00](/uploads/7f3416d84b44f2e753ebc2649bf9f911/Capture_d_écran_2018-10-29_21-40-00.png)

Edited Oct 29, 2018 by Christophe Maudoux

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.