Home News Contact Us Forum About Us Demos Products F.A.Q.
ARI Soft









Register   Lost Password?
Featured Demos

ARI Smart Content demo

ARI Quiz demo

WordPress Quiz plugin

WordPress Lightbox plugin







e-mail: info@ari-soft.com
Shopping Cart
You currently have 0 items in your cart.
Show Cart


Recent Events
  • 31/12/2023 New Year SALE

    We are glad to announce New Year SALE. 25% discount for all our extensions. Use NY24 coupon code. Hurry up the discount is valid till 7 January.
    more...

  • 21/11/2023 BLACK FRIDAY 23 is coming

    BIG SALE, 35% discount for all our extensions. Use BF23 coupon code. Hurry up the discount is valid till 27 November.
    more...


2Checkout.com, Inc. is an authorized retailer of goods and services provided by ARI Soft. 2CheckOut




Follow us on twitter



Welcome, Guest
Please Login or Register.    Lost Password?
ARI Soft Forum
Joomla components
ARI Cloud Carousel

Header Content-Security-Policy - block carousel
(1 viewing) (1) Guest
Go to bottomPage: 1
TOPIC: Header Content-Security-Policy - block carousel
#58411
Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 0
Hello,
on my server I am setting a few new security rules and one thing makes me problem with carousel.
When I set on appache server:
Code:
Header add Content-Security-Policy "default-src 'self'"

the carousel has problem to load

Thank You for any hint
Regards ZAJDAN
ZAJDAN
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
#58412
Re:Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 760
Hello,

Where we can see the problem?

Regards,
ARI Soft
admin
User Online Now Click here to see the profile of this user
The administrator has disabled public write access.
 
#58415
Re:Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 0
when I enable the rule on apache, then I look on the web via Inspect...there I see:

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-d5lFtN8ELvhf7ulae/5+Iaak+QG9Sf0hVaQThwHzk8U='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

konfigurator:1 Refused to load the script 'ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

jquery.cloud-carousel.min.js
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". konfigurator:73 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-GAT6NNfoBUzoYAQ5fVBCycaDZg+q7QqsnmWB/0f2NHk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
ZAJDAN
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
#58416
Re:Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 760
jquery.cloud-carousel.min.js is minified version of javascript file and it is used "eval" javascript function. It is a normal for minifier applications.

About ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js file, it loads from Google CDN. If you use Joomla! 3+, the extension will load jQuery via Joomla! API from your server. Just set "Load jQuery method" parameter to "Local copy".

Regards,
ARI Soft
admin
User Online Now Click here to see the profile of this user
The administrator has disabled public write access.
 
#58425
Re:Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 0
I use older Joomla 2.5
this library is called from cloud carousel?:
ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

because I manually call just jquery 2.4

Thank You

Regards ZAJDAN
ZAJDAN
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
#58426
Re:Header Content-Security-Policy - block carousel 8 Years, 2 Months ago Karma: 760
You can disable loading of jQuery library in module settings if it is loaded by site template or a 3rd party extension.

Regards,
ARI Soft
admin
User Online Now Click here to see the profile of this user
The administrator has disabled public write access.
 
Go to topPage: 1
ARI Soft Forum
Joomla components
ARI Cloud Carousel
Powered by Kunenaget the latest posts directly to your desktop
Useful Links
Products
F.A.Q.
Discount
RSS
Top Products
ARI Data Tables
ARI Sexy Lightbox
ARI Quiz
ARI Stream Quiz - Personal
ARI Smart Content
Help
Forum
F.A.Q.
Home | News | Contact Us | Forum | About Us | Demos | Products | F.A.Q.
ARI Soft
License | Terms and Conditions | Copyright Info | Privacy Policy
 
ARI Soft
Copyright © 2009