Page MenuHomePhabricator

CSP error when loading scripts from on Wikidata
Closed, InvalidPublic


I am loading several user scripts from for use on Wikidata, however this doesn't work anymore due to a CSP error.
Example of script that fails and the error:
load.php?lang=nl&modules=startup&only=scripts&raw=1&skin=vector:11 [Report Only] Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self' * * * * * * * * * * * 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback..

Issue occurs in FireFox and Chrome

Event Timeline

Mbch331 created this task.Sun, Jan 19, 9:29 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSun, Jan 19, 9:29 AM
Mbch331 updated the task description. (Show Details)Sun, Jan 19, 9:30 AM
Mbch331 closed this task as Invalid.Sun, Jan 19, 9:33 AM

Something else was wrong, scripts now work again while the CSP message still shows in the browser console.

JJMC89 added a subscriber: JJMC89.

This isn't related to the Toolforge infrastructure, and it is working as intended (report only, not blocking).