Re: [tor-bugs] #22357 [User Experience/Website]: Drop down menus are broken on Tor Browser download page
#22357: Drop down menus are broken on Tor Browser download page
-------------------------------------+---------------------------------
Reporter: arthuredelstein | Owner: arthuredelstein
Type: defect | Status: accepted
Priority: Medium | Milestone:
Component: User Experience/Website | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+---------------------------------
Changes (by arthuredelstein):
* cc: gk, boklm (added)
* owner: linda => arthuredelstein
* status: new => accepted
Comment:
I noticed in the JS console that the following error is being reported:
{{{
Content Security Policy: The page’s settings blocked the loading of a
resource at self (“script-src https://www.torproject.org”). Source:
function updateLang() {
var calle....
}}}
Turns out CSP is being enforced and the website is not including
"script-src 'unsafe-inline'", so the inline `updateLang` function doesn't
run. Did our CSP get changed recently?
I wrote a patch that moves this inline function to an existing external
JavaScript file instead. Unfortunately the bundle version numbers are
stored in webml variables and these are only inserted in `.html` files.
Therefore I introduced an invisible `<span>` in our `.html` file whose
contents contain the version numbers. The updateLang function then parses
these version numbers and inserts them into the links as needed.
https://github.com/arthuredelstein/commit/22357
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22357#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
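The approach described in the comment above (version numbers kept in an invisible `<span>`, logic moved to an external file), sketched as an added example that is not the linked patch or the Tor website's own code. The element ids, the `name=version` text format and the URL template are assumptions.

```javascript
// Added example. Ids, the "name=version" span format and the URL template
// are assumptions. Served as an external file from the site's own origin,
// this runs under "script-src https://www.torproject.org" without
// 'unsafe-inline'.
const VERSION = /^\d[0-9A-Za-z]*(\.[0-9A-Za-z]+)*$/;

// Parse the hidden span's text, e.g. "stable=7.0 alpha=7.5a1" (constructed).
function parseVersions(text) {
  const versions = Object.create(null);
  for (const pair of text.trim().split(/\s+/)) {
    const [name, version, ...rest] = pair.split("=");
    const ok = rest.length === 0 && /^[a-z]+$/.test(name);
    if (ok && VERSION.test(version || "")) versions[name] = version;
  }
  return versions;
}

// Build a link target from validated parts only, so text taken from the
// page cannot smuggle path or markup characters into the href.
function buildHref(template, version, lang) {
  if (!VERSION.test(version)) throw new Error("bad version");
  if (!/^[a-z]{2,3}(-[A-Z]{2})?$/.test(lang)) throw new Error("bad language");
  return template.split("{version}").join(version).split("{lang}").join(lang);
}

// Rewrite every download link for the selected language.
function updateLang(doc) {
  const span = doc.getElementById("bundle-versions"); // the invisible <span>
  const versions = parseVersions(span.textContent);
  const lang = doc.getElementById("lang-select").value;
  for (const a of doc.querySelectorAll("a[data-channel]")) {
    const version = versions[a.dataset.channel];
    if (version) a.href = buildHref(a.dataset.template, version, lang);
  }
}

// Wire up with addEventListener: inline onchange="..." attributes are
// blocked by the same policy that blocks inline <script> bodies.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => {
    const select = document.getElementById("lang-select");
    select.addEventListener("change", () => updateLang(document));
    updateLang(document);
  });
}
```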