Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-56352

Content Security Policy prevent loading qrc resources files

    XMLWordPrintable

Details

    • Bug
    • Resolution: Invalid
    • Not Evaluated
    • None
    • 5.7.0
    • WebChannel, WebEngine
    • None

    Description

      Our application loads common web site with a Content Security Policy, but to improve the security the HAProxy got a CSP rule.

      The QRC scheme is not supported, and on Qt web side, there is not way to allow the this scheme:

      The web console returns:

      "Refused to load the script 'qrc:///javascript/qWebChannel.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' data: qrc:///javascript/qWebChannel.js [......."

      what ever data: is set or not.

      How to workaround this ?

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            milianw Milian Wolff
            zucher vincent
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes