I received feedback from a few users experiencing issues creating groups despite trying multiple browsers (such as Firefox and Chrome). One user was able to create a group using their phone instead.
Does anyone know what might be causing this? Here’s an example of a console log message:
Refused to execute inline script because it violates the following Content Security Policy directive: « script-src ‹ self › ‹ unsafe-eval › ‹ sha256-4RS22DYedfU14dra4KdfYxmwt5HkOInieXK1NUMBmQI= › ‹ sha256-zJdRXhLWm9sdfDD6BFr+sNmHBBrjAdJdFr7bvUq0EwK58= › ». Either the ‹ unsafe-inline › keyword, a hash (‹ sha256-o4dviO6MIZ0IAKwaAr74d6hmSYmYk1WeieADjYp90AY= ›), or a nonce (‹ nonce-… ›) is required to enable inline execution.
Isn’t it only one way to create a group if you’re using the web interface?
I’ve been in contact with two users that has this problem.
The first user
The only thing I know is that the user tried with Firefox, and when that didn’t work, with a clean installation of Chrome, which also didn’t work. Then it worked using a phone.
The second user
I didn’t really get any details other than that the user had tried a few times and got an error message.
Probably not relevant / as a side note:
I often get a similar error message when I visit another event page, not based on Mobilizon, using Firefox on my computer. The result is that the events are not listed. When I use Firefox on my phone it works fine.
The error indicates that a script that is not allowed by mobilizon is loaded in the page and the browser has blocked it. I t can be a bug of mobilizon or maybe someone has managed to insert a malicious script in the code of the mobilizon instance (or a developer added custom code via html_hooks).
It could be interesting :
to have the raw source of the page to inspect the scripts (right click on the page > source code > copy/paste)
to know what is the error message received by the user
I had a closer look at my own network log (the site, by the way, is https://gjer.no), and the only inline script that is blocked is related to setting the theme to dark or not. So, even if I don’t have detailed information about what inline script the user got the error message from, I don’t think this has anything to do with the problem.
I’ve begun to think that it’s more likely that it has something to do with using the same name/handle for a group that already exists as a profile name, or something like that. I tested that, and you don’t get an error message. Or you do, but only in the console log. From a user’s perspective, nothing happens at all when you click the create button. That, at least, is something that should be fixed.
I’ve asked one of the users about this, so hopefully I get a response.