Header Content-Security-Policy - block carousel
#58411
Header Content-Security-Policy - block carousel 7 Years, 6 Months ago Karma: 0
Hello,
On my server I am setting a few new security rules, and one thing is causing me a problem with the carousel.
When I set this on the Apache server:
Code:

Header add Content-Security-Policy "default-src 'self'"

the carousel has a problem loading.

Thank You for any hint
Regards ZAJDAN
 
#58412
Re:Header Content-Security-Policy - block carousel 7 Years, 6 Months ago Karma: 746
Hello,

Where we can see the problem?

Regards,
ARI Soft
 
#58415
Re:Header Content-Security-Policy - block carousel 7 Years, 6 Months ago Karma: 0
When I enable the rule on Apache and then look at the web page via Inspect... there I see:

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-d5lFtN8ELvhf7ulae/5+Iaak+QG9Sf0hVaQThwHzk8U='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

konfigurator:1 Refused to load the script 'ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.


jquery.cloud-carousel.min.js
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'".

konfigurator:73 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-GAT6NNfoBUzoYAQ5fVBCycaDZg+q7QqsnmWB/0f2NHk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
 
#58416
Re:Header Content-Security-Policy - block carousel 7 Years, 6 Months ago Karma: 746
jquery.cloud-carousel.min.js is a minified version of the JavaScript file, and it uses the "eval" JavaScript function. This is normal for minifier applications.

As for the ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js file, it loads from the Google CDN. If you use Joomla! 3+, the extension will load jQuery via the Joomla! API from your server. Just set the "Load jQuery method" parameter to "Local copy".

Regards,
ARI Soft
 
#58425
Re:Header Content-Security-Policy - block carousel 7 Years, 6 Months ago Karma: 0
I use the older Joomla 2.5.
Is this library called from the cloud carousel?
ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

Because I manually call just jQuery 2.4.

Thank You

Regards ZAJDAN
 
#58426
Re:Header Content-Security-Policy - block carousel 7 Years, 6 Months ago Karma: 746
You can disable loading of jQuery library in module settings if it is loaded by site template or a 3rd party extension.

Regards,
ARI Soft
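
An added example, not part of the thread or ARI Soft's code: a Python script that reads the console messages quoted above and derives, per directive, the narrowest source expression that would unblock each one, so that `default-src 'self'` can be extended rather than removed. The function names are assumptions of this example, and the sample text is the thread's messages shortened to the parts the parser reads.

```python
import re
from collections import defaultdict

# Console messages from the thread, shortened to the parts the parser reads.
SAMPLE = """\
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-d5lFtN8ELvhf7ulae/5+Iaak+QG9Sf0hVaQThwHzk8U='), or a nonce ('nonce-...') is required to enable inline execution.
konfigurator:1 Refused to load the script 'ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js' because it violates the following Content Security Policy directive: "default-src 'self'".
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'".
konfigurator:73 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-GAT6NNfoBUzoYAQ5fVBCycaDZg+q7QqsnmWB/0f2NHk='), or a nonce ('nonce-...') is required to enable inline execution.
"""

HASH = re.compile(r"\('(sha(?:256|384|512)-[A-Za-z0-9+/=]+)'\)")
LOAD = re.compile(r"load the (script|stylesheet) '(?:https?://)?([^/']+)")
FETCH = {"script": "script-src", "stylesheet": "style-src"}

def needed_sources(console_text):
    """Return {directive: set of source expressions} for every refused action."""
    need = defaultdict(set)
    # Split on the message prefix, not on newlines: pasted logs often run together.
    for msg in console_text.split("Refused to ")[1:]:
        load = LOAD.match(msg)
        if load:
            need[FETCH[load.group(1)]].add(load.group(2))  # host only, not the URL
        elif msg.startswith("evaluate a string as JavaScript"):
            # Broad grant: permits eval() in every script the policy allows.
            need["script-src"].add("'unsafe-eval'")
        elif msg.startswith(("apply inline style", "execute inline script")):
            directive = "style-src" if msg.startswith("apply") else "script-src"
            h = HASH.search(msg)
            # A hash allows one exact <style>/<script> element; style="" attributes
            # and inline event handlers additionally require 'unsafe-hashes'.
            need[directive].add(f"'{h.group(1)}'" if h else "'unsafe-inline'")
    return need

def build_policy(need):
    """Keep default-src 'self' and add one explicit directive per blocked type."""
    parts = ["default-src 'self'"]
    for directive in sorted(need):
        parts.append(f"{directive} 'self' " + " ".join(sorted(need[directive])))
    return "; ".join(parts)

if __name__ == "__main__":
    print(build_policy(needed_sources(SAMPLE)))
```

Each entry the script emits is something to review, not to accept as is: 'unsafe-eval' applies to every allowed script, and the CDN host entry becomes unnecessary if jQuery is served from the site itself as described above.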