-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Strict MIME type checking is enforced for module scripts per HTML #4178
Comments
Most likely this could be closed directly as "invalid": When mixing very outdated versions of components like In this special case the outdated version shipped by that 3rdparty Ubuntu provider is not including e.g. greenbone/gsad/pull/171 See https://greenbone.github.io how to get more recent versions of all components and https://forum.greenbone.net/ for installation support. |
Expected behavior
Actual behavior
I Install openvas on ubuntu 24.04
Because this did not install the web interface I clone this git
I run the build without errors
I have installed the GSA.
The webserver respond with the index.html but did load the javascript and CSS
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk='), or a nonce ('nonce-...') is required to enable inline execution.
127.0.0.1/:12 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='), or a nonce ('nonce-...') is required to enable inline execution.
index-D8O4oQLF.js:1 Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html". Strict MIME type checking is enforced for module scripts per HTML spec.
On Firefox I have this message
Il caricamento del modulo da “https://127.0.0.1:9392/assets/index-D8O4oQLF.js” è stato bloccato a causa del tipo MIME non consentito (“text/html”).
Il foglio di stile https://127.0.0.1:9392/assets/index-DTH69syH.css non è stato caricato in quanto il suo tipo MIME, “text/html”, non corrisponde a “text/css”.
Content-Security-Policy: Le impostazioni della pagina hanno bloccato l’esecuzione di uno script in linea (script-src-elem) in quanto viola la seguente direttiva: “script-src 'self'”
Content-Security-Policy: Le impostazioni della pagina hanno bloccato l’esecuzione di uno script in linea (script-src-elem) in quanto viola la seguente direttiva: “script-src 'self'”
Il foglio di stile https://127.0.0.1:9392/assets/index-DTH69syH.css non è stato caricato in quanto il suo tipo MIME, “text/html”, non corrisponde a “text/css”.
Steps to reproduce
1.Install openvas on Ubuntu 24.04
2.Clone gsa repo
3.Build and install on folder created by installer
GVM versions
gsa: (gsad --version) 22.08.0~git
gvm: (gvmd --version) 23.1.0
openvas-scanner: (openvassd --version)
gvm-libs:
Environment
Operating system: Ubuntu 24.04
Installation method / source: (packages, source installation)
Logfiles
gsad main:MESSAGE:2024-10-03 11h32.21 utc:11937: Starting GSAD version 22.08.0
gitgitgsad main:CRITICAL:2024-10-03 11h32.21 utc:11937: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2024-10-03 11h32.21 utc:11942: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2024-10-03 11h33.51 utc:12598: Starting GSAD version 22.08.0
gsad main:CRITICAL:2024-10-03 11h33.51 utc:12598: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2024-10-03 11h33.51 utc:12600: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2024-10-03 11h35.22 utc:12654: Starting GSAD version 22.08.0
gitgitgsad main:CRITICAL:2024-10-03 11h35.22 utc:12654: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2024-10-03 11h35.22 utc:12656: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2024-10-03 11h36.52 utc:12823: Starting GSAD version 22.08.0
gsad main:WARNING:2024-10-03 11h36.52 utc:12824: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2024-10-03 12h35.15 utc:21879: Starting GSAD version 22.08.0
gitgitgsad main:WARNING:2024-10-03 12h35.15 utc:21881: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2024-10-03 12h35.36 utc:22087: Starting GSAD version 22.08.0
gsad main:WARNING:2024-10-03 12h35.36 utc:22089: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2024-10-03 13h25.57 utc:33356: Starting GSAD version 22.08.0
gitgitgsad main:WARNING:2024-10-03 13h25.57 utc:33358: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2024-10-03 13h29.53 utc:2034: Starting GSAD version 22.08.0
gsad main:WARNING:2024-10-03 13h29.53 utc:2038: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2024-10-03 13h33.26 utc:2025: Starting GSAD version 22.08.0
gitgitgsad main:WARNING:2024-10-03 13h33.26 utc:2032: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2024-10-03 13h46.21 utc:4595: Starting GSAD version 22.08.0
The text was updated successfully, but these errors were encountered: