Home News Contact Us Forum About Us Demos Products F.A.Q.
Shopping Cart
You currently have 0 items in your cart.


Recent Events
  • 23/11/2024 Black Friday 2024

    BIG SALE, 30% discount for all our extensions. Use BF24 coupon code. Hurry up the discount is valid till 3 December.

  • 31/12/2023 New Year SALE

    We are glad to announce New Year SALE. 25% discount for all our extensions. Use NY24 coupon code. Hurry up the discount is valid till 7 January.


2Checkout.com, Inc. is an authorized retailer of goods and services provided by ARI Soft. 2CheckOut




Follow us on twitter



Welcome, Guest
Please Login or Register.    Lost Password?

Header Content-Security-Policy - block carousel
(1 viewing) (1) Guest
Go to bottomPage: 1
TOPIC: Header Content-Security-Policy - block carousel
#58411
Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 0
Hello,
on my server I am setting a few new security rules and one thing makes me problem with carousel.
When I set on appache server:
Code:

Header add Content-Security-Policy "default-src 'self'"

the carousel has problem to load

Thank You for any hint
Regards ZAJDAN
The administrator has disabled public write access.
 
#58412
Re:Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 760
Hello,

Where we can see the problem?

Regards,
ARI Soft
The administrator has disabled public write access.
 
#58415
Re:Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 0
when I enable the rule on apache, then I look on the web via Inspect...there I see:

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-d5lFtN8ELvhf7ulae/5+Iaak+QG9Sf0hVaQThwHzk8U='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

konfigurator:1 Refused to load the script 'ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.


jquery.cloud-carousel.min.js
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". konfigurator:73 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-GAT6NNfoBUzoYAQ5fVBCycaDZg+q7QqsnmWB/0f2NHk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
The administrator has disabled public write access.
 
#58416
Re:Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 760
jquery.cloud-carousel.min.js is minified version of javascript file and it is used "eval" javascript function. It is a normal for minifier applications.

About ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js file, it loads from Google CDN. If you use Joomla! 3+, the extension will load jQuery via Joomla! API from your server. Just set "Load jQuery method" parameter to "Local copy".

Regards,
ARI Soft
The administrator has disabled public write access.
 
#58425
Re:Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 0
I use older Joomla 2.5
this library is called from cloud carousel?:
ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

because I manually call just jquery 2.4

Thank You

Regards ZAJDAN
The administrator has disabled public write access.
 
#58426
Re:Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 760
You can disable loading of jQuery library in module settings if it is loaded by site template or a 3rd party extension.

Regards,
ARI Soft
The administrator has disabled public write access.
 
Go to topPage: 1