Issue with Yubikey 2FA

[X] I have read the tutorials, help and searched for similar issues
[X] I provide relevant information about my server (component names and versions, etc.)
[X] I provide a copy of my logs and healthcheck
[X] I describe the steps I have taken to trouble shoot the problem
[X] I describe the steps on how to reproduce the issue

Hello, I’m using cloud version of passbolt and configured a 2FA with yubikey and at login process just after push on yubikey I have the passbolt screen totally empty with an error into web console.

Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

As explained above, it’s into javascript console and any page refresh redisplays yubikey field and block at the same place.
Reproduced on :

  • Vivaldi 4.2.2406.54

But not on

  • Firefox 92.0.1 => i see error on console but still usable (csp bypassed maybe ?)

Hi @LGnap ,

I just gave a try on Passbolt Cloud with Vivaldi browser (latest version 4.3.2439.44) and Yubikey, and like you in Firefox, it works without issues.

Did you try to clear the browser cache and cookies ?