On 04/01/2020 15:04, Guilhem Moulin wrote:
> On Sat, 04 Jan 2020 at 13:43:46 +0100, William Gathoye (LibreOffice) wrote:
>> An incident happened between yesterday evening and today (now).
> 
> The CSP was last changed on Thu Jan 2 round 03:30 UTC, so — assuming the
> image resources didn't magically move to .wp.com — the regression is
> actually older.

Yes, they were hosted on wp.com since the very beginning.

And indeed the date you specified about this CSP change coincides with
the time I noticed the issue.
> 
> 
> Ooops.  Extended it to https://*.wp.com for now.  The better fix would
> be to host these ourselves and tighten the CSP, of course.  That's also
> true for Google fonts, WordPress fonts/script/styles etc.
> 

Great. Thanks for the fix.

If you have an account on the FR WordPress and you go to [1], if you try
to disable this CDN, you get the following CSP errors as well.

Example:

Content Security Policy: The page’s settings blocked the loading of a
resource at
http://fr.blog.documentfoundation.org/wp-json/jetpack/v4/rewind?_cacheBuster=1578146864121
(“connect-src”).

Could you maybe do something as well about these?

[1]
https://fr.blog.documentfoundation.org/wp-admin/admin.php?page=jetpack#/performance

-- 
William Gathoye
Hyper<hack>tive volunteer for LibreOffice
Proud member of The Document Foundation
Member of LaMouette - French based association promoting ODF and LibreOffice
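
As an added illustration (not part of the original message, nor TDF's actual configuration), a simplified CSP source matcher shows what the `https://*.wp.com` entry covers and why a request like the reported one can be refused by `connect-src`. The `'self'` entries, the directive assignments and the `i0.wp.com` image URL are assumptions constructed for the example; the thread does not quote the policy itself.

```javascript
// Simplified CSP Level 3 source matching: scheme, host wildcard and 'self'.
// Ports and paths are ignored to keep the example short.
const UPGRADE = { http: ["http", "https"], https: ["https"], ws: ["ws", "wss"], wss: ["wss"] };

function schemeMatches(sourceScheme, urlScheme) {
  return (UPGRADE[sourceScheme] || [sourceScheme]).includes(urlScheme);
}

function hostMatches(pattern, host) {
  pattern = pattern.toLowerCase();
  host = host.toLowerCase();
  // "*.wp.com" covers subdomains only: not "wp.com", not "evilwp.com".
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function sourceAllows(source, url, pageOrigin) {
  const target = new URL(url);
  const scheme = target.protocol.slice(0, -1);
  const page = new URL(pageOrigin);
  const pageScheme = page.protocol.slice(0, -1);
  if (source === "'self'") {
    // 'self' permits an upgrade (http page, https URL) but never a downgrade.
    return hostMatches(page.hostname, target.hostname) && schemeMatches(pageScheme, scheme);
  }
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return schemeMatches(source.slice(0, -1).toLowerCase(), scheme); // scheme-source, e.g. "https:"
  }
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  // A host-source without a scheme is matched against the page's scheme.
  return schemeMatches((m[1] || pageScheme).toLowerCase(), scheme) && hostMatches(m[2], target.hostname);
}

function explain(sources, url, pageOrigin) {
  const matched = sources.filter((s) => sourceAllows(s, url, pageOrigin));
  return { url, allowed: matched.length > 0, matched };
}

const PAGE = "https://fr.blog.documentfoundation.org"; // origin of the admin page linked as [1]
const BLOCKED = "http://fr.blog.documentfoundation.org/wp-json/jetpack/v4/rewind?_cacheBuster=1578146864121";
const CONNECT_SRC = ["'self'"];                 // assumed: the thread does not quote the policy
const IMG_SRC = ["'self'", "https://*.wp.com"]; // assumed, apart from https://*.wp.com

console.log(explain(CONNECT_SRC, BLOCKED, PAGE));
console.log(explain(IMG_SRC, "https://i0.wp.com/constructed/example.png", PAGE)); // constructed URL
```

Under that assumption the first call reports `allowed: false`, because the blocked URL uses `http://` while the page origin is `https://`.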
