From: "Martin Liška" <mliska@suse.cz>
To: Gerald Pfeifer <gerald@pfeifer.com>
Cc: gcc-patches@gcc.gnu.org
Subject: Re: [DOCS] sphinx: use new Sphinx links
Date: Thu, 10 Nov 2022 11:36:00 +0100
Message-ID: <457a6a03-91ae-8d5b-1f5b-1a5c9afa924e@suse.cz>
In-Reply-To: <638cad2d-9463-ad35-4b67-d18b42027521@pfeifer.com>
On 11/10/22 11:03, Gerald Pfeifer wrote:
> On Thu, 10 Nov 2022, Martin Liška wrote:
>>> https://gcc.gnu.org/install/ is back with a new face.
>> But it's not working properly due to some Content Security Policy:
>
> Hmm, it worked in my testing before and I just tried again:
>
> Firefox 106.0.1 (64-bit) and now also Chrome 106.0.5249.119
> and w3m.
>
> Which browser are you using? Any particular add-ons or special security
> settings?
>
>> Refused to apply inline style because it violates the following Content
>> Security Policy directive: "default-src 'self' http: https:". Either the
>> 'unsafe-inline' keyword, a hash
>> ('sha256-wAI2VKPX8IUBbq55XacEljWEKQc4Xc1nmwVsAjAplNU='), or a nonce
>> ('nonce-...') is required to enable inline execution. Note also that
>> 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
>
> That looks like it's related to some Javascript fun? Does sphinx pull in
> something? Ohhhh, it does. A lot.
>
> I'm not using any Javascript blocker, though, so not sure why I am not
> seeing any such warnings?
>
> Searching for "+sphinx" and this message did not result in anything.
>
> (It feels a bit curious how the position in the web server's file system
> or a symlink could trigger something like that?)
>
>
> Looking at the source code of index.html I am wondering about
>
> <html class="no-js" lang="en">
>
> versus all the .js inclusions later on.
>
> And https://validator.w3.org/nu/?doc=https%3A%2F%2Fgcc.gnu.org%2Finstall%2F
> and https://validator.w3.org/nu/?doc=https%3A%2F%2Fgcc.gnu.org%2Fonlinedocs%2Finstall%2F
> appear equally (un)happy.
>
> Gerald
Well, I can also reproduce it on my mobile phone.
Anyway, the difference is:
$ curl https://gcc.gnu.org/install/index.html -v &> bad.txt
$ curl https://gcc.gnu.org/onlinedocs/install/index.html -v &> good.txt
$ diff -u good.txt bad.txt
--- good.txt 2022-11-10 11:33:45.293631904 +0100
+++ bad.txt 2022-11-10 11:33:37.813669264 +0100
@@ -32,31 +32,32 @@
* subjectAltName: host "gcc.gnu.org" matched cert's "gcc.gnu.org"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Using HTTP2, server supports multiplexing
+* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* h2h3 [:method: GET]
-* h2h3 [:path: /onlinedocs/install/index.html]
+* h2h3 [:path: /install/index.html]
* h2h3 [:scheme: https]
* h2h3 [:authority: gcc.gnu.org]
* h2h3 [user-agent: curl/7.86.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x5555555bf890)
} [5 bytes data]
-> GET /onlinedocs/install/index.html HTTP/2
+> GET /install/index.html HTTP/2
> Host: gcc.gnu.org
> user-agent: curl/7.86.0
> accept: */*
>
{ [5 bytes data]
< HTTP/2 200
-< date: Thu, 10 Nov 2022 10:33:45 GMT
+< date: Thu, 10 Nov 2022 10:33:37 GMT
< server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.70 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
< last-modified: Wed, 09 Nov 2022 18:51:10 GMT
< etag: "8232-5ed0e23e07250"
< accept-ranges: bytes
< content-length: 33330
< vary: Accept-Encoding
+< content-security-policy: default-src 'self' http: https:
< strict-transport-security: max-age=16070400
< content-type: text/html; charset=utf-8
<
@@ -485,7 +486,7 @@
</aside>
100 33330 100 33330 0 0 61514 0 --:--:-- --:--:-- --:--:-- 61494
100 33330 100 33330 0 0 62652 0 --:--:-- --:--:-- --:--:-- 62768
* Connection #0 to host gcc.gnu.org left intact
v>
</div><script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
=======
See that the problematic one for some reason uses "content-security-policy: default-src 'self' http: https:".
And it uses 'Using HTTP2, server supports multiplexing'
Martin
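
The fallback named in the quoted console error (no `style-src`, so `default-src` decides), as an added example that is not part of the original message or of the GCC site's configuration. It models a `<style>` element without a nonce attribute; the function names and the sample CSS are assumptions, and only the header value comes from the curl output above.

```python
import base64
import hashlib

HASH_ALGS = ("sha256", "sha384", "sha512")

def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored: the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def csp_hash(inline_text, alg="sha256"):
    """Hash source expression for the exact text of a <style> element."""
    digest = hashlib.new(alg, inline_text.encode("utf-8")).digest()
    return "'%s-%s'" % (alg, base64.b64encode(digest).decode("ascii"))

def inline_style_allowed(header, inline_text):
    """Return (allowed, directive that decided) for a <style> element."""
    policy = parse_csp(header)
    # style-src falls back to default-src when it is not set explicitly.
    used = next((d for d in ("style-src", "default-src") if d in policy), None)
    if used is None:
        return True, None  # no policy restricts styles
    sources = policy[used]
    if any(csp_hash(inline_text, alg) in sources for alg in HASH_ALGS):
        return True, used
    keywords = [s.lower() for s in sources]
    strict = any(k.startswith(("'nonce-",) + tuple("'%s-" % a for a in HASH_ALGS))
                 for k in keywords)
    # 'unsafe-inline' is ignored once the list carries a nonce or a hash.
    return ("'unsafe-inline'" in keywords and not strict), used

# Header value from the curl output above; the CSS text is constructed.
PAGE_CSP = "default-src 'self' http: https:"
SAMPLE_CSS = "body { margin: 0 }"

if __name__ == "__main__":
    print(inline_style_allowed("", SAMPLE_CSS))        # response without the header
    print(inline_style_allowed(PAGE_CSP, SAMPLE_CSS))  # response with the header
    fixed = PAGE_CSP + "; style-src 'self' " + csp_hash(SAMPLE_CSS)
    print(inline_style_allowed(fixed, SAMPLE_CSS))     # hash added to style-src
```

Adding the hash keeps inline styles blocked by default and admits only the exact block whose digest is listed, which is narrower than adding `'unsafe-inline'`.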