public inbox for gcc-patches@gcc.gnu.org
From: Tobias Burnus <tobias@codesourcery.com>
To: <gcc-patches@gcc.gnu.org>, Gerald Pfeifer <gerald@pfeifer.com>
Subject: Re: [DOCS] sphinx: use new Sphinx links
Date: Thu, 10 Nov 2022 11:36:50 +0100
Message-ID: <868ba580-dc90-7473-8bc0-7b8d5dae4cd0@codesourcery.com>
In-Reply-To: <638cad2d-9463-ad35-4b67-d18b42027521@pfeifer.com>

Hi,

On 10.11.22 11:03, Gerald Pfeifer wrote:
> On Thu, 10 Nov 2022, Martin Liška wrote:
>>> https://gcc.gnu.org/install/ is back with a new face.
>> But it's not working properly due to some Content Security Policy:
> Hmm, it worked in my testing before and I just tried again:
> Firefox 106.0.1 (64-bit)

Did you open the console (F12)? If I do, I see the errors:

Content Security Policy: The page’s settings blocked the loading of a
resource at inline (“default-src”).

That's for line 18, which is '<style>'. The next one is for line 42
(same error) which is for:

<script>document.body.dataset.theme = localStorage.getItem("theme") || "auto"; </script>

And then there is twice:

Content Security Policy: The page’s settings blocked the loading of a
resource at data:image/svg+xml;charset=utf-8,<svg xm… (“default-src”).

> (It feels a bit curious how the position in the web server's file system
> or a symlink could trigger something like that?)

If you look at the output of 'curl -I', which shows only the HTTP header, you will
see that only the /install/ URL has:

content-security-policy: default-src 'self' http: https:

There must be some server configuration that adds this - but it does not seem
to be in the .ht* files in the wwwdocs git repo.

I could imagine that /install often contains some files in the default config
such that the central Apache configuration contains this line to disallow code.
As most production servers don't use /install - it won't affect them and protects
them from some issues. → Something for overseers to check.


For a description, see:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
and https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

* * *

> Looking at the source code of index.html I am wondering about
>    <html class="no-js" lang="en">
> versus all the .js inclusions later on.

But that only confuses humans - for the computer, it is just the name of
a CSS style sheet class.

Tobias
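
Added example (not part of the message above, nor code from the GCC web setup): a simplified evaluator showing why the header value quoted in the message blocks the inline <style>, the inline <script> and the data: SVG while same-origin files still load. The checker models only 'self', scheme sources and 'unsafe-inline'; the function names, the sample stylesheet path and the shortened SVG URL are constructed for illustration.

```javascript
// Added example: simplified CSP source matching ('self', schemes, 'unsafe-inline').
// Host sources, nonces and hashes are deliberately not modelled.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) {   // first occurrence of a directive wins
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// resource is { inline: true } or { url: '...' }
function isAllowed(policy, directive, resource, pageOrigin) {
  // Fetch directives such as style-src fall back to default-src when absent.
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return true;            // nothing applies: unrestricted
  if (resource.inline) return sources.includes("'unsafe-inline'");
  const url = new URL(resource.url, pageOrigin);
  return sources.some((src) => {
    if (src === "'self'") return url.origin === pageOrigin;
    if (src.endsWith(':')) return url.protocol === src.toLowerCase(); // exact scheme compare
    return false;
  });
}

const HEADER = "default-src 'self' http: https:";    // value quoted in the message
const ORIGIN = 'https://gcc.gnu.org';
const CHECKS = [                                      // constructed sample resources
  ['style-src',  { inline: true }, 'inline <style>'],
  ['script-src', { inline: true }, 'inline <script>'],
  ['img-src',    { url: 'data:image/svg+xml;charset=utf-8,<svg></svg>' }, 'data: SVG image'],
  ['style-src',  { url: '/install/_static/example.css' }, 'same-origin stylesheet'],
];

function evaluate(header) {
  const policy = parseCsp(header);
  return CHECKS.map(([directive, resource, label]) => ({
    label,
    allowed: isAllowed(policy, directive, resource, ORIGIN),
  }));
}

for (const { label, allowed } of evaluate(HEADER)) {
  console.log(`${allowed ? 'allowed' : 'BLOCKED'}  ${label}`);
}
```

Passing a policy with explicit style-src and img-src directives to evaluate() shows how listing 'unsafe-inline' or data: for one resource type changes the result without loosening script-src.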
