0

I have created a CentOS 7 droplet on DigitalOcean and installed and configured ipa-server 4.6.4 following DigitalOcean's how-to. Connecting from Firefox 67 gets a blank page; connecting from Chromium works. The developer console on Firefox 67 gives errors about Content Security Policy for "script-src"; searching the httpd config files and IPA pages on my droplet, the only CSP it applies is:

/etc/httpd/conf.d/ipa.conf: Header always append Content-Security-Policy "frame-ancestors 'none'"

How do I fix either FreeIPA or Firefox for them to work together?

Jim Trigg
  • 1
  • 1

1 Answers1

0

I'm using Firefox 67.0.4 on Fedora 30 and have no problems like that. W3C CSP spec recommends having default-src, so when I added it, nothing changed for me:

Header always append Content-Security-Policy "default-src 'self'; frame-ancestors 'none'"

Perhaps, there are some specific settings that should be activated in Firefox to enforce the handling of it but I didn't find any.

Correction: I tried to expand the policy a bit and stumbled upon an issue with CSP in dojo code. We are going to look into upgrading dojo in FreeIPA soon, then the policy will be improved.

abbra
  • 1,085
  • 5
  • 8