Welcome Guest, Not a member yet? Register   Sign In
Why CSP makes all Honey pot inputs appear
#1

(This post was last modified: 12-26-2022, 02:53 AM by luckmoshy.)

Hi, I have set
PHP Code:
public $CSPEnabled true
but all honey pot hidden inputs are appearing what is the best way to set it?
and also it breaks HTML SVG I have forced by using
Code:
(display: none! important)
it works but I see this is not an accurate way.

On a contrary, I see that it looks like there is a mild issue in CSP!!!???
Codeigniter First, Codeigniter Then You!!
yekrinaDigitals

Reply
#2

(12-26-2022, 02:42 AM)luckmoshy Wrote: Hi, I have set
PHP Code:
public $CSPEnabled true
but all honey pot hidden inputs are appearing

What do you mean?
What happended?
Reply
#3

(This post was last modified: 12-26-2022, 08:33 PM by luckmoshy.)

(12-26-2022, 07:20 PM)kenjis Wrote:
(12-26-2022, 02:42 AM)luckmoshy Wrote: Hi, I have set
PHP Code:
public $CSPEnabled true
but all honey pot hidden inputs are appearing

What do you mean?
What happened?

I mean I have set CSP
PHP Code:
public $CSPEnabled true
in App and It works fine except on hidden honey port input is now shown instead of being hidden eg:
Code:
<div style="display:none"><label>Fill this filed?</label><input type="text" name="honeypot" value=""></div>
so I have to use CSS (Important)to force which I see is not ok
Code:
dispaly: none! important
and SVG in HTML all lose their form(lossy)

The hidden Honeyport input field now is appearing!!!
[Image: Screenshot%2B%252821%2529.png]
SVG was the same color brown now is looking dark!!!!
[Image: Screenshot%2B%252820%2529.png]

as per Content Security Policy:
My inline scripts and CSS
Code:
<script <?= csp_script_nonce() ?>>
<style <?= csp_css_nonce() ?>>
Codeigniter First, Codeigniter Then You!!
yekrinaDigitals

Reply
#4

Oh, I got it. It is a bug in Honeypot.
Reply
#5

I sent a PR to fix it.
https://github.com/codeigniter4/CodeIgniter4/pull/7029

I sent it to 4.3 branch because I need to add new config item.
Reply
#6

(12-26-2022, 11:53 PM)kenjis Wrote: I sent a PR to fix it.
https://github.com/codeigniter4/CodeIgniter4/pull/7029

I sent it to 4.3 branch because I need to add new config item.

Thank you so much @kenjis
Codeigniter First, Codeigniter Then You!!
yekrinaDigitals

Reply




Theme © iAndrew 2016 - Forum software by © MyBB