Search The ForumSearch   RegisterRegister  LoginLogin

AfterLogic Aurora
 AfterLogic Forum : AfterLogic Aurora
Subject Topic: Error: Content Security Policy login issu Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
birender
Newbie
Newbie
Avatar

Joined: 20 August 2019
Location: India
Online Status: Offline
Posts: 18
Posted: 25 November 2020 at 4:22am | IP Logged Quote birender
Under console the error is

Refused to load the script 'https://www.google.com/recaptcha/api.js?onload=ShowRecaptchaStandardLoginFormWebclient&render=explicit&_=1606306572836' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

8.5.2

In earlier version its working fine.
Back to Top View birender's Profile Search for other posts by birender
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6038
Posted: 25 November 2020 at 4:31am | IP Logged Quote Igor
Try setting the following value in data/settings/config.json file:

Code:
"ContentSecurityPolicy": [
     "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google.com www.gstatic.com; img-src * data: blob:; frame-src *",
     "string"
],


Does it help?

--
Regards,
Igor, Afterlogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
birender
Newbie
Newbie
Avatar

Joined: 20 August 2019
Location: India
Online Status: Offline
Posts: 18
Posted: 07 December 2020 at 7:00am | IP Logged Quote birender
Its worked
Back to Top View birender's Profile Search for other posts by birender
 
solkmaaker
Senior Member
Senior Member


Joined: 28 June 2020
Online Status: Offline
Posts: 153
Posted: 07 February 2021 at 1:25pm | IP Logged Quote solkmaaker
ContentSecurityPolicy is also defined in data/settings/modules/CoreWebclient.config.json (different value than data/settings/config.json)

In what case are are CoreWebclient.config.json used?
Back to Top View solkmaaker's Profile Search for other posts by solkmaaker
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6038
Posted: 07 February 2021 at 10:50pm | IP Logged Quote Igor
Starting from version 8.5.3, the setting in data/settings/config.json is no longer used, data/settings/modules/CoreWebclient.config.json is used instead, please see:

Content-Security-Policy

--
Regards,
Igor, Afterlogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
solkmaaker
Senior Member
Senior Member


Joined: 28 June 2020
Online Status: Offline
Posts: 153
Posted: 09 February 2021 at 12:47am | IP Logged Quote solkmaaker
I see, since it exists in our test version (8.5.4), should i remove it manually (since update config did not remove it from there)?
Back to Top View solkmaaker's Profile Search for other posts by solkmaaker
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6038
Posted: 09 February 2021 at 1:06am | IP Logged Quote Igor
It's safe to delete ContentSecurityPolicy setting from data/settings/config.json file.

--
Regards,
Igor, Afterlogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump

Powered by Web Wiz Forums version 7.9
Copyright ©2001-2004 Web Wiz Guide