CodeIgniter Forums
Why CSP makes all Honey pot inputs appear - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: General (https://forum.codeigniter.com/forumdisplay.php?fid=1)
+--- Forum: Regional User Groups (https://forum.codeigniter.com/forumdisplay.php?fid=25)
+--- Thread: Why CSP makes all Honey pot inputs appear (/showthread.php?tid=85960)

Why CSP makes all Honey pot inputs appear - luckmoshy - 12-26-2022

Hi, I have set
PHP Code:
public $CSPEnabled true
but all honey pot hidden inputs are appearing what is the best way to set it?
and also it breaks HTML SVG I have forced by using
Code:
(display: none! important)
it works but I see this is not an accurate way.

On a contrary, I see that it looks like there is a mild issue in CSP!!!???

RE: Why CSP makes all Honey pot inputs appear - kenjis - 12-26-2022

(12-26-2022, 02:42 AM)luckmoshy Wrote: Hi, I have set
PHP Code:
public $CSPEnabled true
but all honey pot hidden inputs are appearing

What do you mean?
What happended?

RE: Why CSP makes all Honey pot inputs appear - luckmoshy - 12-26-2022

(12-26-2022, 07:20 PM)kenjis Wrote:
(12-26-2022, 02:42 AM)luckmoshy Wrote: Hi, I have set
PHP Code:
public $CSPEnabled true
but all honey pot hidden inputs are appearing

What do you mean?
What happened?

I mean I have set CSP
PHP Code:
public $CSPEnabled true
in App and It works fine except on hidden honey port input is now shown instead of being hidden eg:
Code:
<div style="display:none"><label>Fill this filed?</label><input type="text" name="honeypot" value=""></div>
so I have to use CSS (Important)to force which I see is not ok
Code:
dispaly: none! important
and SVG in HTML all lose their form(lossy)

The hidden Honeyport input field now is appearing!!!
[Image: Screenshot%2B%252821%2529.png]
SVG was the same color brown now is looking dark!!!!
[Image: Screenshot%2B%252820%2529.png]

as per Content Security Policy:
My inline scripts and CSS
Code:
<script <?= csp_script_nonce() ?>>
<style <?= csp_css_nonce() ?>>


RE: Why CSP makes all Honey pot inputs appear - kenjis - 12-26-2022

Oh, I got it. It is a bug in Honeypot.

RE: Why CSP makes all Honey pot inputs appear - kenjis - 12-26-2022

I sent a PR to fix it.
https://github.com/codeigniter4/CodeIgniter4/pull/7029

I sent it to 4.3 branch because I need to add new config item.

RE: Why CSP makes all Honey pot inputs appear - luckmoshy - 12-27-2022

(12-26-2022, 11:53 PM)kenjis Wrote: I sent a PR to fix it.
https://github.com/codeigniter4/CodeIgniter4/pull/7029

I sent it to 4.3 branch because I need to add new config item.

Thank you so much @kenjis