@justinvelluppillai opened this Pull Request on August 21st 2021 Contributor

Description:

See dev-2271, this PR provides methods for SessionRecording to be able to embed a page in an iframe.

Review

@sgiehl commented on August 25th 2021 Member

@justinvelluppillai might be unrelated to this issue, but could you check if opening a row evolution shows csp warnings for you?
I'm seeing this for the sparklines:

[Report Only] Refused to load the image 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAAAyCAYAAAAZUZThAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAEdklEQVR4nO3dMWwbZRjG8f+1FUhUCkaCQwJEg6oOrY7GGwMSsYVYbmiDUMxGgpgQQxqJbBWnk7JlSBo2liRdIsVLFswYu0wMiFB5AHVJKySqEwJjqaxmuAtcHMe+JOc7n+/5bc298X2p/Nx3733nM4jIiYy0ByCwtHe3CLhACZgAHgCrK+Xl3TTHJQpI6pb27s4DGydsvr9SXp5LcDjSRQFJUTBz/DSgbHGlvLyWxHjkuAtpDyDn3JhqZEgupT2AnCtFqJn4YOmz+Z+/+/1gQN2+16y1zj0iOUIBSddElKI/f/tnERj05i+alj3o9drAfoRd7kfY3189XqvlNWtRXj8zFJB0PQDeG1T04/b2VBw7My27ABQjlBaBlwbUvAV82PWzgmnZLcDxmrX66Uc4ehSQdK0yO...vTaRDhkUt6aENI0G808E+pFI7xNjAcoOdi/SfUb0yp38iFNhGebJn7gHStb0xrfSM36sCtATXtXJ9ihZ9P5TVrcwpHrjhRanIbEPUb+VatGPvAp31K7lcrxlour2JpfUMOBSvox77+rloxdiFnK+m6n0rkBKZlF03L/tu07Dtpj0WyY2xmkI7juPifWb4JPMG/SrFguG5L91PJWWU+IB3HOTxtutljc7vy/a/1hteeRP2GnME4XMXaonc4ACa+eedq6cvrrykcciaZDkjHcYoMWOwpPHdpYunG6zMJDUnGTM+VdNOyM/HVw9XHfxRnr7wcpbQMaK1DTi3TM8jzFy8UIpZGrRM5oucM4jVrUZbhU3frI6cE7EUorQ93JDKuMj2DGK5bx//kVz9tYGP4o5FxlOmABOY4/gWYYQuG6x4kNBYZM5kPiOG6+8AU/j00YU+AsuG6m4kPSsZG5hcKw4JFwyJwoFlD4vAvjOS9V2w4O8EAAAAASUVORK5CYII=' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

@justinvelluppillai commented on August 25th 2021 Contributor

@sgiehl yes this is relevant to this issue - @tsteur this means we need the data: policy most places so I will add it also to the default-src directive for all matomo pages.

@github-actions[bot] commented on September 2nd 2021 Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

This Pull Request was closed on September 2nd 2021
Powered by GitHub Issue Mirror