Hi,
We are using a SonarQube v10.5.1 docker image deployed in AWS ECS. We have customized the logo using sonar.lf.logoUrl setting that points to an image on a different domain. It used to work until recently, but now the image is no longer displayed and I see the following error in the browser’s console:
net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep 200 (OK)
Any thoughts?
Hi,
Welcome to the community!
Yeah… We broke that. It’ll be fixed in 10.6.
Ann
Thanks for confirming. Looking forward to 10.6.
@ganncamp Just to confirm. Will this also affect using SonarQube badges in GitLab (GitLab badges)?
What is the release date for 10.6?
BR,
Jimisola
Hi,
Sorry for being too lazy to look up the ticket last time. Here it is:
SONAR-22149 Make Cross-Origin-Resource-Policy less restrictive
Yes, Jimisola it may also be affecting PR decoration images.
Look for 10.6 in ~1mo.
HTH,
Ann
@ganncamp Considering that this does not only affect sonar.lf.logoUrl and that there is no workaround in the issue tracker, is there any chance of reconsidering including in a patch for 10.5? Our GitLab, documentation etc does not look good at all thanks to this error.
Not to mention that it is has priority set to “Critical”…
Hi Jimisola,
It’s not my decision, so nothing for me to consider. And I can tell you that since it’s “purely” cosmetic, there’s about a snowball’s chance.
Ann
Ok. That’s too bad. Does it still count as cosmetic if we include them in our documentation/reports? 
FYI, you can use base64 encoded image in sonar.lf.logoUrl:
data:image/png;base64,XXXX
Thanks for the tips, unfortunately only 4000 chars is supported on logo option.
I just upgraded to 10.6.0 and the issue still persists for me…
Hi @dough654,
Thanks for this report.
Would you mind being explicit about how you’re seeing this still manifest in 10.6, please?
Thx,
Ann
Hello, sure. it’s the same issue that was described above. I add a custom Logo image url into the settings, and the image request gets blocked due to CORS issues:
Hi,
Thanks for the detail. It made me look more closely at the ticket, It looks like it got bumped to 10.7.
Ann
@ganncamp will this issue be solved in 10.7 as well?
Yikes. We just upgraded to 10.6 after vacation and noticed that the badges still didn’t work only to now get this news. Quite disappointed since we already waited quite some time for 10.6 and it’s information that we need in GitLab to easily keep a daily eye on SonarQube.
When will 10.7 be releases and how do we know that will actually be fixed in that version?
/Jimisola
Hi,
I have the happy task of following up to say that our internal demo today included sharing that the CORS policy has been dropped & the change checked in for 10.7! I’m sorry it’s taken so long.
Ann
@ganncamp Thank you for getting back. For planning purposes, when can we expect 10.7?
Hi,
Look for it in early October.
HTH,
Ann