From 2cbb5f8db1d0764aba9a66997f940739e8bb7eb1 Mon Sep 17 00:00:00 2001 From: Thomas Hufschmidt <11391961+Hufschmidt@users.noreply.github.com> Date: Sat, 17 Jan 2026 22:28:56 +0100 Subject: Update documentation in regards to CSP warnings (#8439) * Add a reference to the check where the warning is triggered Note: This is the place where the admin sees the browser pointing to. Adding this information here allows the admin to find the matching documentation entry. * Update Content-Security-Policy section of english ServerConfig documentation Note: This fixes some minor formating/typping issues and adds some clarity to the fact that this warning is also triggered on correctly configured hosts, simply due to the nature of how correctness of CSP rules are checked. * Move CSP infor source-code comment into console.info Note: Improve visibility of why this is happening. * Point towards static website documentation instead of git This URL should also remain more fixed even accross new branches/releases. Co-authored-by: Inverle * Minor fixes * Remove overwrite part --------- Co-authored-by: Inverle Co-authored-by: Alexandre Alapetite --- p/scripts/main.js | 2 ++ 1 file changed, 2 insertions(+) (limited to 'p') diff --git a/p/scripts/main.js b/p/scripts/main.js index 3b47beb84..80fbd71fc 100644 --- a/p/scripts/main.js +++ b/p/scripts/main.js @@ -2327,6 +2327,8 @@ function init_csp_alert() { Function(); } catch (_) { // Exit if 'script-src' is set and 'unsafe-eval' isn't set in CSP + console.info(`If you see a 'unsafe-eval' warning, everything is working as intended: +see https://freshrss.github.io/FreshRSS/en/admins/10_ServerConfig.html#security`); return; } -- cgit v1.2.3