Content Security Policy violation after logging in with AD

Hey there,

After logging in with a local LDAP server, which is successful (I can browse Scoold while being logged in), I don't get redirected automatically. Instead I get an exception in my browser's developer tools:

Refused to send form data to 'http://xxx/ldap_auth' because it violates the following Content Security Policy directive: "form-action 'self' http://xxx/signout".

Despite this being shown in my developer tools, I don't get an error graphically reported on the Scoold page itself, something that does happen with incorrect login details.

Would there be a way to make this work without users having to navigate away manually, not knowing whether the login worked initially or not?

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 5 (5 by maintainers)

Top GitHub Comments

rberends commented, Jul 25, 2022 (1 reaction)

Hey there!

After switching to a locally hosted Para installation, and setting scoold.security.ldap.is_local = false, it redirects users without any problems. It seems to have resolved all issues so far.

Thank you!

albogdano commented, Sep 2, 2022 (0 reactions)

Fixed in Scoold Pro.
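
A simplified model of how a browser evaluates the `form-action` directive quoted in the error above, as an added example that is not part of the original issue or of Scoold's code. The hosts `scoold.example` and `para.example` are constructed stand-ins for the redacted `xxx`, and the function names are hypothetical; which mismatch applied in the reporter's setup is not stated on the page.

```javascript
// Added example: simplified form-action source matching (subset of CSP Level 3).
// No wildcard hosts, redirects or report-only handling. All hosts are constructed.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };
const portOf = (u) => u.port || DEFAULT_PORT[u.protocol] || "";
// A source written for http also covers the https upgrade of the same host.
const schemeOk = (want, got) => want === got || (want === "http:" && got === "https:");

function matchesSelf(doc, target) {
  return doc.hostname === target.hostname && schemeOk(doc.protocol, target.protocol) &&
    (portOf(doc) === portOf(target) ||
      (portOf(doc) === DEFAULT_PORT[doc.protocol] &&
       portOf(target) === DEFAULT_PORT[target.protocol]));
}

function matchesHostSource(expr, doc, target) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  if (!schemeOk(scheme ? scheme.toLowerCase() + ":" : doc.protocol, target.protocol)) return false;
  if (host.toLowerCase() !== target.hostname) return false;
  // Without an explicit port, only the scheme's default port matches.
  if (port ? port !== "*" && port !== portOf(target)
           : portOf(target) !== DEFAULT_PORT[target.protocol]) return false;
  if (!path || path === "/") return true;
  // A path ending in "/" is a prefix; any other path must match exactly.
  return path.endsWith("/") ? target.pathname.startsWith(path) : target.pathname === path;
}

// True when a form on documentUrl may submit to targetUrl under the policy string.
function formActionAllows(policy, documentUrl, targetUrl) {
  const doc = new URL(documentUrl), target = new URL(targetUrl, documentUrl);
  const directive = policy.split(";").map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === "form-action");
  if (!directive) return true; // form-action does not fall back to default-src
  return directive.slice(1).some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    if (s === "'self'") return matchesSelf(doc, target);
    if (s === "*") return /^https?:$/.test(target.protocol);
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s, target.protocol);
    return matchesHostSource(src, doc, target);
  });
}

// Constructed policy shaped like the one in the error message.
const POLICY = "default-src 'self'; form-action 'self' http://scoold.example:8000/signout";
const PAGE = "http://scoold.example:8000/signin";
console.log(formActionAllows(POLICY, PAGE, "http://para.example:8080/ldap_auth")); // false
console.log(formActionAllows(POLICY, PAGE, "/signout"));                           // true
```

Feeding it the real page URL, the `Content-Security-Policy` header value and the form's `action` shows which source expression, if any, covers the login endpoint.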
