From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by mail.toke.dk (Postfix) with ESMTPS id 8B64E7D4B9C
	for <galene@lists.galene.org>; Wed, 27 Jan 2021 22:09:51 +0100 (CET)
Authentication-Results: mail.toke.dk;
	dkim=pass (1536-bit key) header.d=stroeder.com header.i=@stroeder.com header.b=U2jpq8Gh
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=stroeder.com;
	s=stroeder-com-20201114; t=1611781790;
	bh=ohwHuFeaczSKaLQeR2VgCxCLvJjFLwaoqDev+CgCpc4=;
	h=Subject:To:References:From:Date:In-Reply-To:From;
	b=U2jpq8GhCTlvnCEfJp04jYx9C+dWYWFIF97Bhk+COEOJvmtWv/tnaQKQlVcLqjeqy
	 cUWs9vwxO5MomhATkR0l2oXvLujL98F+m0+JQeaQ1m/JD15pHdSZxbXHVY8MnTgKlx
	 c/VyCuK1wnGbQ7RlVuRZ7hh+lq8DlPPONrnBM/q2lArWq1sG/vGTs9s7uRIZnpQe7u
	 gwfUkEH4gP29ydv9WaxUv2cJkQ6mCxf1Z+wKrLyF/MTuj7xr71pL2QBd0qs
To: galene@lists.galene.org
References: <c76be9d1-01f6-03ab-62cc-efba9760dec3@stroeder.com>
 <2fdb1db7-27f7-c23d-f2ca-11b9c59db125@stroeder.com>
 <87pn1q9mc9.wl-jch@irif.fr> <87o8ha9m7g.wl-jch@irif.fr>
 <b07b046c-4253-8201-df7a-abad48650e9d@stroeder.com>
 <87k0ry9l86.wl-jch@irif.fr>
From: =?UTF-8?Q?Michael_Str=c3=b6der?= <michael@stroeder.com>
Message-ID: <e775e8f6-09c5-51bc-edba-412f6b7e72e0@stroeder.com>
Date: Wed, 27 Jan 2021 22:09:49 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.6.1
MIME-Version: 1.0
In-Reply-To: <87k0ry9l86.wl-jch@irif.fr>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Message-ID-Hash: ZPELLPKEIBCBO5ATVNSSKLDMPGS2G5KY
X-Message-ID-Hash: ZPELLPKEIBCBO5ATVNSSKLDMPGS2G5KY
X-MailFrom: michael@stroeder.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header
X-Mailman-Version: 3.3.2
Precedence: list
Subject: [Galene] Re: "This operation is insecure"
List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= <galene.lists.galene.org>
Archived-At: <https://lists.galene.org/galene/e775e8f6-09c5-51bc-edba-412f6b7e72e0@stroeder.com/>
List-Archive: <https://lists.galene.org/galene/>
List-Help: <mailto:galene-request@lists.galene.org?subject=help>
List-Post: <mailto:galene@lists.galene.org>
List-Subscribe: <mailto:galene-join@lists.galene.org>
List-Unsubscribe: <mailto:galene-leave@lists.galene.org>

On 1/27/21 9:30 PM, Juliusz Chroboczek wrote:
>>>> It looks like some versions of Mobile Safari don't like our
>>>> Content-Security-Policy header.
>>>
>>> Did the user try to enable a filter?
> 
>> Probably not.
> 
> Hmm... are you running behind a reverse proxy?  Is the reverse proxy
> modifying our CSP header?

Yes.

But even unsetting this did not help in a individual test with one user
with Safari running on an older laptop. Well, this particular user is a
non-technical person and I'm not 100% sure whether page was really
reloaded or whether it was read from browser cache.

Ciao, Michael.