Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EventSource fallback will not work with IE versions that support CSP #14286

Closed
LukasReschke opened this issue Feb 17, 2015 · 7 comments · Fixed by #17791
Closed

EventSource fallback will not work with IE versions that support CSP #14286

LukasReschke opened this issue Feb 17, 2015 · 7 comments · Fixed by #17791
Labels
sev3-medium Type:Bug
Milestone
8.2

Comments

@LukasReschke
Copy link
Member

With TP Microsoft is considering supporting the Content-Security-Policy, however it will most likely still not support EventSource's. Our fallback relies on Inline JavaScript and everything in regard to EventSource (Updating / Files handling / Gallery / etc…) will fail horribly once MS ships TP…

We need to adjust the CSP (maybe #13989 can help here) or somehow differently fix this behaviour…
@LukasReschke
Copy link
Member Author

cc @icewind1991 fyi

@LukasReschke LukasReschke added this to the 8.1-next milestone Feb 17, 2015
@LukasReschke
Copy link
Member Author

Also see https://status.modern.ie/contentsecuritypolicy

@oparoz
Copy link
Contributor

oparoz commented Mar 13, 2015

The EventSource fallback just doesn't work period.

  1. Install oC8
  2. Click on the "Pictures" app in Internet Explorer 11
  3. Stare at the spinning wheel forever
  4. Look at the debugger. All the data is there, just never sent to where it's supposed to

I'm saying this in hope that the oC team will consider replacing OC_EventSource with a maintained polyfill and perhaps raise an issue there regarding upcoming changes in IE.

@LukasReschke
Copy link
Member Author

@jnfrmarks Has this been tested?

This was referenced Apr 14, 2015
Closed
Closed
@karlitschek
Copy link
Contributor

@jnfrmarks Can you test?

@jnfrmarks
Copy link

@davitol

Can you please give this a try?

@ghost ghost modified the milestones: 8.2-next, 8.1-current Jun 14, 2015
LukasReschke added a commit that referenced this issue Jul 21, 2015
@LukasReschke
Add custom CSP for Win 10 compatibility
874ccbf 
The default content-security-policy of ownCloud forbids inline
JavaScript for security reasons. IE starting on Windows 10 will
however also obey the CSP which will break the event source fallback.
As a workaround thus we set a custom policy which allows the execution
of inline JavaScript.

This fixes #14286
@LukasReschke LukasReschke mentioned this issue Jul 21, 2015
Merged
@oparoz
Copy link
Contributor

oparoz commented Jul 23, 2015

I've tested Pictures with Azure RemoteApp and it crashes the browser.

LukasReschke added a commit that referenced this issue Sep 10, 2015
@LukasReschke
Add custom CSP for Win 10 compatibility
4d1b898 
The default content-security-policy of ownCloud forbids inline
JavaScript for security reasons. IE starting on Windows 10 will
however also obey the CSP which will break the event source fallback.
As a workaround thus we set a custom policy which allows the execution
of inline JavaScript.

This fixes #14286
LukasReschke added a commit that referenced this issue Sep 10, 2015
@LukasReschke
Add custom CSP for Win 10 compatibility
bb5b729 
The default content-security-policy of ownCloud forbids inline
JavaScript for security reasons. IE starting on Windows 10 will
however also obey the CSP which will break the event source fallback.
As a workaround thus we set a custom policy which allows the execution
of inline JavaScript.

This fixes #14286
This was referenced Sep 10, 2015
Merged
Merged
@lock lock bot locked as resolved and limited conversation to collaborators Aug 8, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
sev3-medium Type:Bug
Projects
None yet
Milestone
8.2
Development

Successfully merging a pull request may close this issue.

Add custom CSP for Win 10 compatibility owncloud/core
5 participants
@MorrisJobke @oparoz @karlitschek @LukasReschke @jnfrmarks