On Thu, 10 Nov 2022, Martin Liška wrote:
>> https://gcc.gnu.org/install/ is back with a new face.
> But it's not working properly due to some Content Security Policy:
Hmm, it worked in my testing before and I just tried again:
Firefox 106.0.1 (64-bit) and now also Chrome 106.0.5249.119
and w3m.
Which browser are you using? Any particular add-ons or special security
settings?
> Refused to apply inline style because it violates the following Content
> Security Policy directive: "default-src 'self' http: https:". Either the
> 'unsafe-inline' keyword, a hash
> ('sha256-wAI2VKPX8IUBbq55XacEljWEKQc4Xc1nmwVsAjAplNU='), or a nonce
> ('nonce-...') is required to enable inline execution. Note also that
> 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
That looks like it's related to some Javascript fun? Does sphinx pull in
something? Ohhhh, it does. A lot.
I'm not using any Javascript blocker, though, so not sure why I am not
seeing any such warnings?
Searching for "+sphinx" and this message did not result in anything.
(It feels a bit curious how the position in the web server's file system
or a symlink could trigger something like that?)
Looking at the source code of index.html I am wondering about
<html class="no-js" lang="en">
versus all the .js inclusions later on.
And https://validator.w3.org/nu/?doc=https%3A%2F%2Fgcc.gnu.org%2Finstall%2F
and
https://validator.w3.org/nu/?doc=https%3A%2F%2Fgcc.gnu.org%2Fonlinedocs%2Finstall%2F
appear equally (un)happy.
Gerald
