Author |
|
birender Newbie
Joined: 20 August 2019 Location: India
Online Status: Offline Posts: 18
|
Posted: 25 November 2020 at 4:22am | IP Logged
|
|
|
Under console the error is
Refused to load the script 'https://www.google.com/recaptcha/api.js?onload=ShowRecaptchaStandardLoginFormWebclient&render=explicit&_=1606306572836' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
8.5.2
In earlier version its working fine.
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Offline Posts: 6103
|
Posted: 25 November 2020 at 4:31am | IP Logged
|
|
|
Try setting the following value in data/settings/config.json file:
Code:
"ContentSecurityPolicy": [
"default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google.com www.gstatic.com; img-src * data: blob:; frame-src *",
"string"
], |
|
|
Does it help?
--
Regards,
Igor, Afterlogic Support
|
Back to Top |
|
|
birender Newbie
Joined: 20 August 2019 Location: India
Online Status: Offline Posts: 18
|
Posted: 07 December 2020 at 7:00am | IP Logged
|
|
|
Its worked
|
Back to Top |
|
|
solkmaaker Senior Member
Joined: 28 June 2020
Online Status: Offline Posts: 163
|
Posted: 07 February 2021 at 1:25pm | IP Logged
|
|
|
ContentSecurityPolicy is also defined in data/settings/modules/CoreWebclient.config.json (different value than data/settings/config.json)
In what case are are CoreWebclient.config.json used?
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Offline Posts: 6103
|
Posted: 07 February 2021 at 10:50pm | IP Logged
|
|
|
Starting from version 8.5.3, the setting in data/settings/config.json is no longer used, data/settings/modules/CoreWebclient.config.json is used instead, please see:
Content-Security-Policy
--
Regards,
Igor, Afterlogic Support
|
Back to Top |
|
|
solkmaaker Senior Member
Joined: 28 June 2020
Online Status: Offline Posts: 163
|
Posted: 09 February 2021 at 12:47am | IP Logged
|
|
|
I see, since it exists in our test version (8.5.4), should i remove it manually (since update config did not remove it from there)?
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Offline Posts: 6103
|
Posted: 09 February 2021 at 1:06am | IP Logged
|
|
|
It's safe to delete ContentSecurityPolicy setting from data/settings/config.json file.
--
Regards,
Igor, Afterlogic Support
|
Back to Top |
|
|