Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email
?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Home
Help
Search
Login
Register
Roundcube Community Forum
»
SVN Releases
»
Issues & Bugs
»
Content-security-policy broken
« previous
next »
Print
Pages: [
1
]
Author
Topic: Content-security-policy broken (Read 6027 times)
digitalhuman
Newbie
Posts: 1
Content-security-policy broken
«
on:
July 27, 2015, 09:06:45 AM »
Hi,
While installing Roundcube my servers policy is broken and web-mail is not working anymore. Can you please look into this?. The response:
Content Security Policy: The page's settings blocked the loading of a resource at
https://mail.mailbase.io/skins/larry/watermark.html
("frame-src
https://assets.zendesk.com
https://www.facebook.com
https://s-static.ak.facebook.com
https://tautt.zendesk.com
").
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
https://ssl.google-analytics.com
https://assets.zendesk.com
https://connect.facebook.net;
img-src 'self'
https://ssl.google-analytics.com
https://s-static.ak.facebook.com
https://assets.zendesk.com;
style-src 'self' 'unsafe-inline'
https://fonts.googleapis.com
https://assets.zendesk.com;
font-src 'self'
https://themes.googleusercontent.com;
frame-src
https://assets.zendesk.com
https://www.facebook.com
https://s-static.ak.facebook.com
https://tautt.zendesk.com;
object-src 'none'";
I don't see any legit reason why I should ignore this since it is a security issue. Please handle as such.
Cheers,
Digital Human
Logged
SKaero
Administrator
Hero Member
Posts: 5,901
Re: Content-security-policy broken
«
Reply #1 on:
July 27, 2015, 09:37:46 AM »
Contact your email provider, this isn't a Roundcube problem.
Logged
SK
aero
alec
Hero Member
Posts: 1,367
Re: Content-security-policy broken
«
Reply #2 on:
July 28, 2015, 06:18:01 AM »
Roundcube uses frames, so you need to modify your CSP.
Logged
Print
Pages: [
1
]
« previous
next »
Roundcube Community Forum
»
SVN Releases
»
Issues & Bugs
»
Content-security-policy broken