LDAP Account Manager / Bugs / #213 Captcha don't show anymore in selfService login page

#213 Captcha don't show anymore in selfService login page

Milestone: v7.1

Status: closed-fixed

Owner: Roland Gruber

Labels: Captcha (1) selfService (1)

Priority: 5

Updated: 2020-04-10

Created: 2020-04-10

Creator: Christian PIERRE

Private: No

Hello,
In the selfService login page, the Captcha don't show anymore.
Web Browsers complain about "Content-Security-Policy".
I've had a look to file : lib/security.inc
Replacing line #690 :
header('Content-Security-Policy: frame-ancestors \'self\'; form-action \'self\'; base-uri \'none\'; object-src \'none\'; frame-src \'self\' https://*.duosecurity.com; worker-src \'self\'');
With a line from previous version (6.6) :
header('Content-Security-Policy: frame-ancestors \'self\'');
Make the Captcha works again ...

Best regards,
C.PIERRE

Discussion

Roland Gruber - 2020-04-10

Thanks a lot for the report and for the detailled error description. It will be solved in next release. Here is the fix:

https://github.com/LDAPAccountManager/lam/commit/07f5ae2d7a68e38db878894c51faf5f431b3ca99

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Roland Gruber - 2020-04-10

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Captcha don't show anymore in selfService login page

Group

Searches

Help

#213 Captcha don't show anymore in selfService login page

Discussion