Details
-
Bug
-
Resolution: Invalid
-
Not Evaluated
-
None
-
5.7.0
-
None
Description
Our application loads common web site with a Content Security Policy, but to improve the security the HAProxy got a CSP rule.
The QRC scheme is not supported, and on Qt web side, there is not way to allow the this scheme:
The web console returns:
"Refused to load the script 'qrc:///javascript/qWebChannel.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' data: qrc:///javascript/qWebChannel.js [......."
what ever data: is set or not.
How to workaround this ?