-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing IDN conversion in Content-Security-Policy builder #3086
Labels
1. to develop
Waiting for a developer
bug
Something isn't working
good first issue
Good for newcomers
Comments
Still affects richdocuments 8.1.1 |
joshtrichards
added
bug
Something isn't working
1. to develop
Waiting for a developer
labels
Nov 10, 2023
Still affects richdocuments 8.2.3 although the responsible code has been rewritten |
Pasting this here for reference: https://www.php.net/manual/de/function.idn-to-ascii.php
|
juliushaertl
added a commit
that referenced
this issue
Nov 24, 2023
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Added a commit to #3315 |
backportbot-nextcloud bot
pushed a commit
that referenced
this issue
Dec 1, 2023
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
1. to develop
Waiting for a developer
bug
Something isn't working
good first issue
Good for newcomers
Describe the bug
richdocuments breaks entire nextcloud instance if installed on an instance with unicode domain.
Adds raw unicode domain to the Content-Security-Policy-Header which makes browsers ignore those and therefore prevent any assets from being loaded. Nextcloud without javascript, images and css doesn't look that good.
To Reproduce
Install richdocuments on an instance with idn domain.
Expected behavior
FQDN in the Content-Security-Policy-Header must be idn_ascii converted
See nextcloud/server#39555 for details (including patch)
@kesselb has allready developed a patch for that nextcloud/server#39555 (comment), which I can confirm working.
The text was updated successfully, but these errors were encountered: