View Issue Details

IDProjectCategoryView StatusLast Update
0021653mantisbtreportspublic2016-10-02 18:41
ReporteratrolAssigned Tovboctor 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.0.0-beta.2 
Target Version2.0.0-beta.3Fixed in Version2.0.0-beta.3 
Summary0021653: Graphs broken
Description

Graphs are no longer displayed due to CSP violations.
Regression, worked in 2.0.0-beta.1.

TagsNo tags attached.

Relationships

related to 0021650 closedvboctor Content-Security-Policy is disabled in 2.0.0-beta.1 

Activities

dregad

dregad

2016-08-29 07:18

developer   ~0053905

Likely caused by invalid CSP source directive, see my note on commit MantisBT master 133c109f

https://github.com/mantisbt/mantisbt/commit/133c109fd8ff26c44c3d617ec6171c075b486782#commitcomment-18810549

vboctor

vboctor

2016-09-05 23:54

manager   ~0053953

The charts are not rendering because the charts pages uses inline script and that is not white listed. There is also no current way to white list such pages.

vboctor

vboctor

2016-09-06 00:09

manager   ~0053954

PR: https://github.com/mantisbt/mantisbt/pull/881

Related Changesets

MantisBT: master bad2c14c

2016-09-20 02:43:45

vboctor


Committer: GitHub Details Diff
Fix CSP errors in MantisGraph plugin (0000881)

Fixes 0021653
mod - plugins/MantisGraph/MantisGraph.php Diff File

Issue History

Date Modified Username Field Change
2016-08-28 14:48 atrol New Issue
2016-08-28 14:49 atrol Description Updated View Revisions
2016-08-28 14:49 atrol Relationship added related to 0021650
2016-08-29 07:18 dregad Status new => confirmed
2016-08-29 07:18 dregad Note Added: 0053905
2016-09-05 23:37 vboctor Assigned To => vboctor
2016-09-05 23:37 vboctor Status confirmed => assigned
2016-09-05 23:54 vboctor Note Added: 0053953
2016-09-06 00:09 vboctor Note Added: 0053954
2016-09-20 02:43 vboctor Changeset attached => MantisBT master bad2c14c
2016-09-20 02:43 vboctor Status assigned => resolved
2016-09-20 02:43 vboctor Resolution open => fixed
2016-09-20 02:43 vboctor Fixed in Version => 2.0.0-beta.3
2016-10-02 18:41 vboctor Status resolved => closed