CSP header blocking jquery.js script with primefaces 8.0

UI Components for JSF
Melloware
Posts: 1903
Joined: 22 Apr 2013, 15:48

25 Jun 2020, 15:07

OK let me try and reproduce.
PrimeFaces Developer | PrimeFaces Extensions Developer
GitHub Profile: https://github.com/melloware
PrimeFaces Elite 8.0.2 / PF Extensions 8.0.2

Melloware
Posts: 1903
Joined: 22 Apr 2013, 15:48

25 Jun 2020, 15:35

OK see the last comment here: https://github.com/primefaces/primefaces/issues/5179

I attached a reproducer of your code in a zip file please Run mvn clean jetty:run-exploded and navigate to http://localhost:8080/primefaces-test/csp.xhtml

It doesn't appear to have any issues...
PrimeFaces Developer | PrimeFaces Extensions Developer
GitHub Profile: https://github.com/melloware
PrimeFaces Elite 8.0.2 / PF Extensions 8.0.2

Melloware
Posts: 1903
Joined: 22 Apr 2013, 15:48

25 Jun 2020, 19:23

BTW your issue is your Next and Back buttons it doing two AJAX requests. Just change it to type="button" and eveyrthing works.

Code: Select all

<p:commandButton value="Next" onclick="PF('wiz').next()" type="button" />
<p:commandButton value="Previous" onclick="PF('wiz').back()" type="button"/>
PrimeFaces Developer | PrimeFaces Extensions Developer
GitHub Profile: https://github.com/melloware
PrimeFaces Elite 8.0.2 / PF Extensions 8.0.2

s_kenkre
Posts: 21
Joined: 01 Apr 2020, 16:08

01 Jul 2020, 06:11

Hello Guys,
Any help will be provided on this topic ?

Thanks

Melloware
Posts: 1903
Joined: 22 Apr 2013, 15:48

01 Jul 2020, 13:18

What do you mean? I posted the solution to your problem above?
PrimeFaces Developer | PrimeFaces Extensions Developer
GitHub Profile: https://github.com/melloware
PrimeFaces Elite 8.0.2 / PF Extensions 8.0.2

s_kenkre
Posts: 21
Joined: 01 Apr 2020, 16:08

08 Jul 2020, 12:38

any help on this ?

tandraschko
PrimeFaces Core Developer
Posts: 3755
Joined: 03 Dec 2010, 14:11
Location: Bavaria, DE
Contact:

08 Jul 2020, 13:20

are you unable to read the text written by melloware? :roll:
Thomas Andraschko

PrimeFaces | PrimeFaces Extensions

Apache Member | OpenWebBeans, DeltaSpike, MyFaces, BVal, TomEE

Sponsor me: https://github.com/sponsors/tandraschko
Blog: http://tandraschko.blogspot.de/
Twitter: https://twitter.com/TAndraschko

orianajonathan
Posts: 1
Joined: 10 Jul 2020, 11:55

11 Jul 2020, 13:59

Use "unsafe" and "unsafe", which is contrary to the purpose of using the PF CSP. PF always adds an insignificant value. When you look at your console error, it says "You can use unsecured Nancio lines".Why are you using custom policies? To add whitelisted sites, you only need to check insecure and insecure. Once you have done this, you will no longer use the PF CSP.

Post Reply

Return to “PrimeFaces”

  • Information
  • Who is online

    Users browsing this forum: No registered users and 42 guests