Uploaded image for project: 'Qt Project Website'
  1. Qt Project Website
  2. QTWEBSITE-1201

Multiple js issues at https://login.qt.io/login + can't auto fill form

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Not Evaluated
    • None
    • None
    • qt.io

    Description

      https://login.qt.io/login changed recently. I used to see green icons, which are now dark green.

      Before the color changed I was able to autofill the login/password with keepassxc-browser extension. This is not the case anymore since the dark green icons.

      Anyway, there are a lot of other javascript issues that are reported in the browser console. In firefox ESR and opera (chromium based) also.

      Opera

      [Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' <URL> <URL> <URL> <URL> 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL>".

theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
login:1 Access to font at 'https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-400-normal.woff2' from origin 'https://login.qt.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
titillium-web-latin-ext-400-normal.woff2:1 
        
        
       Failed to load resource: net::ERR_FAILED
qt-icon.js:1883 [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'".

./node_modules/webpack/buildin/global.js @ qt-icon.js:1883
login:1 Access to font at 'https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-700-normal.woff2' from origin 'https://login.qt.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
titillium-web-latin-ext-700-normal.woff2:1 
        
        
       Failed to load resource: net::ERR_FAILED
login:1 Access to font at 'https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-400-normal.woff' from origin 'https://login.qt.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
titillium-web-latin-ext-400-normal.woff:1 
        
        
       Failed to load resource: net::ERR_FAILED
gtm.js?id=GTM-W2746MC:5 [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'".

w.<computed>.e @ gtm.js?id=GTM-W2746MC:5
gtm.js?id=GTM-W2746MC:5 [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'".

w.<computed>.e @ gtm.js?id=GTM-W2746MC:5
gtm.js?id=GTM-W2746MC:550 [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-U0wZWG37FTyGY60TBXb0welIUM7ZrjOf'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

(anonymous) @ gtm.js?id=GTM-W2746MC:550
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
login:1 Access to font at 'https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-700-normal.woff' from origin 'https://login.qt.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
titillium-web-latin-ext-700-normal.woff:1 
        
        
       Failed to load resource: net::ERR_FAILED
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()
theqtcompany.report-uri.com/r/d/csp/reportOnly:1 
        
        
       Failed to load resource: the server responded with a status of 429 ()

      Firefox

      Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: nonce-source or hash-source specified login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/main.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff2;base64,d09GMgABAAAAAC4UA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff;base64,d09GRgABAAAAAD1EAA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff2;base64,d09GMgABAAAAABoEA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff;base64,d09GRgABAAAAACNsAA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff2;base64,d09GMgABAAAAAC9oA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff;base64,d09GRgABAAAAAD+QAA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff2;base64,d09GMgABAAAAABqMA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff;base64,d09GRgABAAAAACO0AA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff2;base64,d09GMgABAAAAADBUA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff;base64,d09GRgABAAAAAEBYAA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff2;base64,d09GMgABAAAAABp4A… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff;base64,d09GRgABAAAAACP0AA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff2;base64,d09GMgABAAAAADBgA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff;base64,d09GRgABAAAAAEEAAA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff2;base64,d09GMgABAAAAABrwA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff;base64,d09GRgABAAAAACPgAA… because it violates the following directive: “font-src 'self' https://assets.qt.io” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/component/accordion/qt-accordion.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/qt-button-kDzCVDmX.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/component/checkbox/qt-checkbox.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/component/icon/qt-icon.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/component/input/qt-input.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/component/main-nav/item/qt-main-nav-item.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/component/main-nav/qt-main-nav.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/qt-radio-group-9vZDTQ2K.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/component/select/option/qt-select-option.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/component/select/qt-select.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/property-xCGpOSAp.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/event-9GaQoHNJ.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/query-d5psdZGA.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/class-map-5wuZ2AWL.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/directive-La912vBz.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/if-defined-GkN4kO_w.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/index-5JWCjxXo.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/live-4KWdZWMG.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/FormControlMixin-Frz18B6t.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/state-lueqQjvB.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/unsafe-svg-Qp7h6IbX.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/component/icon/pack/legacy/index.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
Content-Security-Policy: (Report-Only policy) The page’s settings would block a script (script-src-elem) at https://www.qt.io/hubfs/qt-web-components/2.0.0-rc.2/validators-hApvvPkN.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” login
POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-400-normal.woff2. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-700-normal.woff2. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

downloadable font: download failed (font-family: "Titillium Web" style:normal weight:400 stretch:100 src index:0): bad URI or cross-site access not allowed source: https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-400-normal.woff2
downloadable font: download failed (font-family: "Titillium Web" style:normal weight:700 stretch:100 src index:0): bad URI or cross-site access not allowed source: https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-700-normal.woff2
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. 18 reportOnly
Content-Security-Policy: (Report-Only policy) The page’s settings would block a JavaScript eval (script-src) from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” (Missing 'unsafe-eval') qt-icon.js:1883:24
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. reportOnly
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. reportOnly
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. reportOnly
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. reportOnly
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. reportOnly
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. reportOnly
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. reportOnly
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. reportOnly
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. reportOnly
Content-Security-Policy: (Report-Only policy) The page’s settings would block a JavaScript eval (script-src) from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” (Missing 'unsafe-eval') 2 gtm.js:5:28
Content-Security-Policy: (Report-Only policy) The page’s settings would block an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://d3jwykvhntmx2b.cloudfront.net https://ssl.google-analytics.com https://*.googletagmanager.com 'nonce-3zAIl75AbCfvlnZX7zcdAvgFlqRwIWTr'” gtm.js:550:429
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. 13 reportOnly
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-400-normal.woff. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-700-normal.woff. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
downloadable font: download failed (font-family: "Titillium Web" style:normal weight:400 stretch:100 src index:1): bad URI or cross-site access not allowed source: https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-400-normal.woff
POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

downloadable font: download failed (font-family: "Titillium Web" style:normal weight:700 stretch:100 src index:1): bad URI or cross-site access not allowed source: https://assets.qt.io/fonts/titillium-web/titillium-web-latin-ext-700-normal.woff
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff2;base64,d09GMgABAAAAADBUA… because it violates the following directive: “font-src 'self' https://assets.qt.io” fields.js:410:23
Content-Security-Policy: (Report-Only policy) The page’s settings would block the loading of a resource (font-src) at data:font/woff2;base64,d09GMgABAAAAAC4UA… because it violates the following directive: “font-src 'self' https://assets.qt.io” fields.js:410:23
Google Analytics and Tag Manager is being shimmed by Firefox. See https://bugzilla.mozilla.org/show_bug.cgi?id=1713687 for details. sandbox eval code:1:9
A resource is blocked by OpaqueResponseBlocking, please check browser console for details. reportOnly
POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

POST
https://theqtcompany.report-uri.com/r/d/csp/reportOnly
NS_BINDING_ABORTED

A resource is blocked by OpaqueResponseBlocking, please check browser console for details. 5 reportOnly
XHRPOST
https://region1.analytics.google.com/g/collect?v=2&tid=G-HSTV7378K3&gtm=45je4cc1v898569779z8898513050za200zb898513050&_p=1734255616270&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1684936656.1734255619&ul=fr-fr&sr=1440x900&frm=0&pscdl=noapi&dl=https://login.qt.io/login&sid=1734255619&sct=1&seg=0&dt=Qt Account Login&_s=2&tfd=8644
[HTTP/3 204  22ms]

XHRPOST
https://region1.analytics.google.com/g/collect?v=2&tid=G-QK0NGHVB4S&gtm=45je4cc1v898571774z8898513050za200zb898513050&_p=1734255616270&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1684936656.1734255619&ul=fr-fr&sr=1440x900&frm=0&pscdl=noapi&dl=https://login.qt.io/login&sid=1734255619&sct=1&seg=0&dt=Qt Account Login&_s=2&tfd=8645
[HTTP/3 204  24ms]

Some cookies are misusing the recommended “SameSite“ attribute 9

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. QTWEBSITE-1187 [REG] New login.qt.io/login breaks (Firefox) password manager(s)

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; Flaky tests; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              ollipuu Olli Puurunen
              ban F S
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes