From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from elastic.org (elastic.org [96.126.110.187]) by sourceware.org (Postfix) with ESMTPS id 688F33858C98 for ; Mon, 25 Dec 2023 09:28:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 688F33858C98 Authentication-Results: sourceware.org; dmarc=pass (p=quarantine dis=none) header.from=elastic.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=elastic.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 688F33858C98 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=96.126.110.187 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703496541; cv=none; b=IsyObt28LIw3PmCncRBy9fHPCvWvnatAMnlTLl1Zw9nUzsOGNEhXih0N3Ax6GtsNapdZF5BKzKLHoupmZQiMK4mD2wPliTWDW53XLOpwMVQbY9ag7Adht0X+JEEtz3uLtrvftS0kPnSUQeE5rTJSxc7ShyMZA5ShCo0g3giL1m8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703496541; c=relaxed/simple; bh=/S02qmHixkHrw9HQpcO4PCQB3hFNhRRzsWwoHmY9QfI=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=o5WjBd8y2HdgQc1YvpGXnTt4QjpfJrpK0yUquBTGqAWmJwo4C0oo7tNfPaZUMHdb96RV3HDcFNbYjS5/WVlicNGM/m8HeKWVuc8lOBpwZsafVa1wXxi5VTm/aqIxqFACIvNK5v6gUo7U50sg6PcMrKWqU8WRlTsxa/KaChcdobk= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=elastic.org ; s=default2; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=AF0cp4jZ5dDg0et96jEw68uOIVrf9hRzUqKWjcsTwz0=; b=AYEAlAPKM7yleScOaXtbbLqwwC MlHN0pizymscPeIF4Tg2FwFq+8GXCjAztXowZW/vdh1yvvbtTygtfbVbxfRo91IHkunSW5IQ5ufFc P5C7lFf0DP9nJbV53Na/twFwgB+uimShF2U0EdcfwpzHdSZGuvNwKjHGf1DWbck1C5Ny0pt47D403 56L5x3kroe+nvROP9YgauYgEqwPLG1fKM+gwMpkWRez/vgpW3BqDBbZaHOCBTc+VcQL38AWV0C0Jm 3e+ADdnNETnJingdlrpl1fki/DGnQCZm28NQfHxfpmrN3OIJ4oyOX6ugC8uMqQteNO39PvH4Zaqr9 2/6GrikA==; Received: from vpn-home.elastic.org ([10.0.0.2] helo=elastic.org) by elastic.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2) (envelope-from ) id 1rHhGZ-0007e4-2p; Mon, 25 Dec 2023 09:28:55 +0000 Received: from very.elastic.org ([192.168.1.1]) by elastic.org with esmtp (Exim 4.96.2) (envelope-from ) id 1rHhGZ-000XSz-1e; Mon, 25 Dec 2023 04:28:55 -0500 Received: from fche by very.elastic.org with local (Exim 4.96.2) (envelope-from ) id 1rHhGZ-008VHI-1S; Mon, 25 Dec 2023 04:28:55 -0500 Date: Mon, 25 Dec 2023 04:28:55 -0500 From: "Frank Ch. Eigler" To: Mike Frysinger Cc: Overseers mailing list Subject: Re: Content-Security-Policy on sourceware.org breaking HTML manuals Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Sender-Verification: "" X-Spam-Status: No, score=-102.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE,USER_IN_WELCOMELIST,USER_IN_WHITELIST autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hi - > [...] unfortunately, projects don't seem to be consistent here. [...] Oh what a pity. https://content-security-policy.com/unsafe-inline/ "The unsafe-inline keyword annuls most of the security benefits that Content-Security-Policy provide." Well, let me try adding some docs/manuals URL patterns. But maybe we will need to bite the bullet and disable this gadget entirely. - FChE