On Thu, 10 Nov 2022, Martin Liška wrote:
>> https://gcc.gnu.org/install/ is back with a new face.
> But it's not working properly due to some Content Security Policy:

Hmm, it worked in my testing before and I just tried again: 

Firefox 106.0.1 (64-bit) and now also Chrome 106.0.5249.119 
and w3m.

Which browser are you using? Any particular add-ons or special security 
settings?

> Refused to apply inline style because it violates the following Content
> Security Policy directive: "default-src 'self' http: https:". Either the
> 'unsafe-inline' keyword, a hash
> ('sha256-wAI2VKPX8IUBbq55XacEljWEKQc4Xc1nmwVsAjAplNU='), or a nonce
> ('nonce-...') is required to enable inline execution. Note also that
> 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

That looks like it's related to some Javascript fun? Does sphinx pull in 
something? Ohhhh, it does. A lot. 

I'm not using any Javascript blocker, though, so not sure why I am not
seeing any such warnings?

Searching for "+sphinx" and this message did not result in anything.

(It feels a bit curious how the position in the web server's file system 
or a symlink could trigger something like that?)


Looking at the source code of index.html I am wondering about

  <html class="no-js" lang="en">

versus all the .js inclusions later on.

And https://validator.w3.org/nu/?doc=https%3A%2F%2Fgcc.gnu.org%2Finstall%2F
and https://validator.w3.org/nu/?doc=https%3A%2F%2Fgcc.gnu.org%2Fonlinedocs%2Finstall%2F
appear equally (un)happy.

Gerald