Page MenuHomeMiraheze

Add some sites to frame and CSP whitelist
Closed, ResolvedPublic

Description

Hello,

I am trying to add a Widget to create iframe,
but external assets not native to Miraheze, the widget will not load the information.

I am using this widget: https://mcspringfieldserver.miraheze.org/wiki/Widget:NetEasy_CloudMusic_iframe

so may I ask to add these websites to the csp and frame whitelist?
https://music.163.com This is a music website in China, sometimes we need use the resources on it;
https://*.bilibili.com This is a video website in China, we have some videos in it and sometimes we need invoke those videos.

To my knowledge, this should present no security issues.

Sorry bad English,

Thank you in advance.

Event Timeline

Aunst created this task.Oct 2 2019, 13:40

Sorry for the delay in answering this. Is this still needed?

Aunst added a comment.Apr 7 2020, 08:53

Sorry for the delay in answering this. Is this still needed?

Yes, I still need this.

Zppix closed this task as Resolved.Apr 9 2020, 00:26
Zppix claimed this task.

the sites requested have now been whitelisted, once again we are sorry for the delay in responding

Aunst added a comment.EditedApr 11 2020, 14:32


Sorry, but there has a problem in whitelist, the domain of music.163.com should be music.163.com instead of *.music.163.com

Aunst reopened this task as Open.Apr 12 2020, 00:31
Aunst lowered the priority of this task from Normal to Low.
Zppix closed this task as Resolved.Apr 12 2020, 02:04
In T4760#102869, @Aunst wrote:


Sorry, but there has a problem in whitelist, the domain of music.163.com should be music.163.com instead of *.music.163.com

*.music.163.com will cover the entire domain including what you need.

Aunst added a comment.EditedApr 12 2020, 02:23
In T4760#102933, @Zppix wrote:
In T4760#102869, @Aunst wrote:


Sorry, but there has a problem in whitelist, the domain of music.163.com should be music.163.com instead of *.music.163.com

*.music.163.com will cover the entire domain including what you need.

But in my browser (Mozilla Firefox 75.0) , the console said

Content Security Policy: The page's settings blocked the loading of a resource at https://music.163.com/outchain/player?type=2&id=23826376&auto=0&height=66 ("default-src").
(https://mcspringfieldserver.miraheze.org/wiki/User:Aunst)

I think the whitelist should be *.163.com or music.163.com.

Aunst reopened this task as Open.Apr 12 2020, 02:24
Zppix closed this task as Resolved.Apr 12 2020, 18:33

changed