Using (minimal) UI in iframe using `POST`

Question

Using (minimal) UI in iframe using `POST`

Closed this issue a year ago · 4 comments

One of our users tries to use the minimal UI in an iframe, but the POST should not be triggered by the form on your page. Instead they try to POST their side and only use the validation result.

<form method="POST" enctype="multipart/form-data" 
        action="https://www.itb.ec.europa.eu/shacl/dcat-ap.de/uploadm" 
        target="output">
    <input style="display:none" type="text" name="uri" value="url-to-ckan-dataset">
    <input type="hidden" name="validationType" value="v20_de_spec_implr">
    <button type="submit">Prüfung starten ...</button>
</form>
<iframe name="output" style="width:100%; height:400px;" src='about:blank'></iframe>

It fails with the following error message:
Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).

The user proposes to adjust the content security policy.

Could you look into this, if this is an acceptabe use case for you?

Answer 1 · 2023-08-01T10:41:00.000Z

Thanks for reporting this. Looking into the issue and will come back asap regarding a fix.

Answer 2 · 2023-08-01T12:03:14.000Z

Hi @init-dcat-ap-de , the issue is now fixed. Could you please confirm from your end that everything is working as expected?

For information this was not due to the newly introduced CSP but rather a regression specific to the case of the minimal UI when used in embedded mode.

Answer 3 · 2023-08-01T12:15:55.000Z

As far as I can see it, it is fixed.
I will close it, when @ondics confirms it.

Answer 4 · 2023-08-02T06:59:36.000Z

I see in that your user has confirmed everything is ok and has closed the issue relating to this. I'll consider this issue closed as well.