- Bug reports MUST include reproduction instructions which allow someone who does not have access to your environment to reproduce the issue you’re encountering.
- Bug reports MUST be against a recent version of Phabricator, and include version information. You can find version information in “Config > Version Information” in the web UI, or
arc versionfrom the CLI.
Based on what can I see Pholio’s download button uses form to start file downloading which causes CSP violation.
- Create a Mock in Pholio with any file which browser is unable to display inline, like PSD or any other. The only meaning condition here it must be in the mock itself (not in comment or description), and it must not be possible for browser to display the file inline.
- Open the mock just created and try to download the file with the button contains down arrow at the right bottom corner of file preview.
Expected result: browser begins file downloading
Actual result: nothing happens, browser JS console displays error
because it does not appear in the form-action directive of the Content Security Policy..
Phabricator/Arcanist Version: deployed from git:
Output from Config > Version Information or
arc version: arcanist versions displayed is
unknown. It was deployed from git: