Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: symbol search popup fails to load #43949

Closed
myitcv opened this issue Jan 27, 2021 · 5 comments
Closed

x/pkgsite: symbol search popup fails to load #43949

myitcv opened this issue Jan 27, 2021 · 5 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite

Comments

@myitcv
Copy link
Member

myitcv commented Jan 27, 2021

What is the URL of the page with the issue?

https://pkg.go.dev/cuelang.org/go@v0.3.0-beta.3.0.20210124142225-9c5489fc66ed/cue

What is your user agent?

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.59 Safari/537.36

Screenshot

n/a

What did you do?

Tried to launch the symbol search via f

What did you expect to see?

A popup with a type-ahead box as usual, much like on https://pkg.go.dev/github.com/govim/govim/cmd/govim/config:

Screen Shot 2021-01-27 at 09 02 35

What did you see instead?

Nothing. Instead I see the following console errors:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'strict-dynamic' https: http: 'sha256-CgM7SjnSbDyuIteS+D1CQuSnzyKwL0qtXLU6ZW2hB+g=' 'sha256-dwce5DnVX7uk6fdvvNxQyLTH/cJrTMDK6zzrdKwdwcg=' 'sha256-Q0lBU5W61U2Bjmznl8iFgTCLw4PWCtS1taSwwNz3iGk=' 'sha256-T7xOt6cgLji3rhOWyKK7t5XKv8+LASQwOnHiHHy8Kwk=' 'sha256-1J6DWwTWs/QDZ2+ORDuUQCibmFnXXaNXYOtc0Jk6VU4=' 'sha256-y5EX2GR3tCwSK0/kmqZnsWVeBROA8tA75L+I+woljOE=' 'sha256-hsHIJwO1h0Vzwa75j0l07kUfQ7MEZGI/HlSPB/8leZ0=' 'sha256-CFun5NgnYeEpye8qcbQPq5Ycwavi4IXuZiIzSMNqRUw=' 'sha256-IHdniK/yZ8URNA2OYbc4R7BssOAe3/dFrSQW7PxEEfM=' 'sha256-hb8VdkRSeBmkNlbshYmBnkYWC/BYHCPiz5s7liRcZNM='". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

cue:3476 Uncaught ReferenceError: loadScript is not defined
    at cue:3476
(anonymous) @ cue:3476
cue:3482 Uncaught ReferenceError: loadScript is not defined
    at cue:3482
(anonymous) @ cue:3482
cue:3485 Uncaught ReferenceError: loadScript is not defined
    at cue:3485
(anonymous) @ cue:3485
cue:3488 Uncaught ReferenceError: loadScript is not defined
    at cue:3488
(anonymous) @ cue:3488
cue:3499 Uncaught ReferenceError: loadScript is not defined
    at cue:3499
@myitcv myitcv added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite labels Jan 27, 2021
@gopherbot gopherbot added this to the Unreleased milestone Jan 27, 2021
@jba jba modified the milestones: Unreleased, pkgsite/unplanned Jan 27, 2021
@jamalc
Copy link

jamalc commented Jan 27, 2021

I cannot reproduce this but have a theory that it might've been a caching issue. Is this still happening @myitcv?

@myitcv
Copy link
Member Author

myitcv commented Jan 29, 2021

Given the above link, no I can't reproduce this now.

Is the caching issue related to the console errors I included?

@jamalc
Copy link

jamalc commented Feb 18, 2021

It might be. Our Content Security Policy (CSP) uses content hashes of the JavaScript we serve to enhance the security of pkg.go.dev. The loadScript function is used to load the code that would have opened symbol search but it was not defined because its content hash did not match any of the content hashes in our CSP header.

Just to rule this out, is it possible that you have any browser extensions installed that might've altered JavaScript on the page?

@myitcv
Copy link
Member Author

myitcv commented Feb 18, 2021

Just to rule this out, is it possible that you have any browser extensions installed that might've altered JavaScript on the page?

No. Other pages on pkg.go.dev were working and continue to work.

@jamalc
Copy link

jamalc commented Jul 14, 2021

I haven't been able to reproduce this or seen it happen again so let's close this as a stale issue.

@jamalc jamalc closed this as completed Jul 14, 2021
@rsc rsc unassigned jamalc Jun 23, 2022
@golang golang locked and limited conversation to collaborators Jun 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite
Projects
None yet
Development

No branches or pull requests

4 participants