Re: [libreoffice-website] WordPress broken images [urgent]

On 04/01/2020 15:04, Guilhem Moulin wrote:
> On Sat, 04 Jan 2020 at 13:43:46 +0100, William Gathoye (LibreOffice) wrote:
> > An incident happened between yesterday evening and today (now).
>
> The CSP was last changed on Thu Jan 2 round 03:30 UTC, so — assuming the
> images resources didn't magically moved to .wp.com — the regression is
> actually older.

Yes, they were hosted on wp.com since the very beginning.

And indeed the date you specified about this CSP change coincides with
the time I noticed the issue.
> Ooops.  Extended it to https://*.wp.com for now.  The better fix would
> be to host these ourselves and tighten the CSP, of course.  That's also
> true for Google fonts, WordPress fonts/script/styles etc.

Great. Thanks for the fix.

If you have an account on the FR WordPress and you go at [1], if you try
to disable this CDN, you get the following CSP errors as well.

Example:

Content Security Policy: The page’s settings blocked the loading of a
resource at
http://fr.blog.documentfoundation.org/wp-json/jetpack/v4/rewind?_cacheBuster=1578146864121
(“connect-src”).

Could you maybe do something as well about these?

[1]
https://fr.blog.documentfoundation.org/wp-admin/admin.php?page=jetpack#/performance

-- 
William Gathoye
Hyper<hack>tive volunteer for LibreOffice
Proud member of The Document Foundation
Member of LaMouette - French based association promoting ODF and LibreOffice

-- 
To unsubscribe e-mail to: website+unsubscribe@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy