Page MenuHomePhabricator
Create Task
Maniphest T281213

Mailman3 tries to load Google Fonts, but blocked by CSP
Closed, ResolvedPublic
Actions

Description

Visiting https://lists-next.wikimedia.org/hyperkitty/list/test@lists-next.wikimedia.org/thread/RM2QKJBHWVE3LSZVRT2STY5DKVCCAJ3G/

Content Security Policy: The page’s settings blocked the loading of a resource at https://fonts.gstatic.com/s/droidsans/v6/s-BiyweUPV0v-yRb-cjciC3USBnSvpkopQaUR-2r7iU.ttf (“default-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at https://fonts.gstatic.com/s/droidsansmono/v7/ns-m2xQYezAtqh7ai59hJYW_AySPyikQrZReizgrnuw.ttf (“default-src”).

Yay for CSP, but still a problem (and should be reported upstream?). This is fallout from T278905: Reconsider which mailman3 version we're running.

Related Objects

Event Timeline

Legoktm triaged this task as High priority.Apr 27 2021, 4:40 AM
Legoktm created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 27 2021, 4:40 AM
Legoktm updated the task description. (Show Details)Apr 27 2021, 4:41 AM
Maintenance_bot added a project: SRE.Apr 27 2021, 4:45 AM
Legoktm added a comment.Apr 27 2021, 4:55 AM

https://lists-next.wikimedia.org/mailman3/static/CACHE/css/54a97321b5f1.css

@font-face {
  font-family: 'Droid Sans';
  font-style: normal;
  font-weight: 400;
  src: local('Droid Sans'), local('DroidSans'),
       url(https://fonts.gstatic.com/s/droidsans/v6/s-BiyweUPV0v-yRb-cjciC3USBnSvpkopQaUR-2r7iU.ttf) format('truetype'),
       url(/mailman3/static/hyperkitty/libs/fonts/droid/DroidSans.ttf?9a88e405c18d) format('truetype');
}
@font-face {
  font-family: 'Droid Sans Mono';
  font-style: normal;
  font-weight: 400;
  src: local('Droid Sans Mono'), local('DroidSansMono'),
       url(https://fonts.gstatic.com/s/droidsansmono/v7/ns-m2xQYezAtqh7ai59hJYW_AySPyikQrZReizgrnuw.ttf) format('truetype'),
       url(/mailman3/static/hyperkitty/libs/fonts/droid/DroidSansMono.ttf?9a88e405c18d) format('truetype');
}

http://lists-next.wikimedia.org/mailman3/static/hyperkitty/libs/fonts/droid/DroidSans.ttf?9a88e405c18d exists so it's loading from Google for no reason...

Legoktm added a comment.Apr 27 2021, 4:57 AM

This was already fixed upstream at https://gitlab.com/mailman/hyperkitty/-/commit/b35d20f45aafbd152e059abe3d4052485ffae305

Stashbot added a comment.Apr 27 2021, 5:27 AM

Mentioned in SAL (#wikimedia-operations) [2021-04-27T05:27:25Z] <legoktm> imported hyperkitty_1.3.4-2~bpo10+2 to apt.wm.o (T281213)

Legoktm added a comment.Apr 27 2021, 5:32 AM

I installed the new package, but I guess there's some command I need to run to force it to regenerate the CSS?

Legoktm closed this task as Resolved.Apr 27 2021, 5:40 AM
Legoktm claimed this task.

Also filed in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987654

In T281213#7036776, @Legoktm wrote:

I installed the new package, but I guess there's some command I need to run to force it to regenerate the CSS?

sudo mailman-web collectstatic --clear && sudo mailman-web compress && sudo systemctl restart mailman3-web (will document this)

This also fixed the postorius bug, yay.

Legoktm mentioned this in T281214: Uncaught ReferenceError: setup_thread_keyboard_shortcuts is not defined on Mailman3.Apr 27 2021, 5:41 AM
JJMC89 moved this task from Backlog to Mailman v3 on the Wikimedia-Mailing-lists board.Feb 20 2024, 8:10 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL