Roundcube Community Forum

 

1.5 beta on FreeBSD 13 not showing images

Started by bkreid, April 29, 2021, 01:49:23 PM


bkreid

I've used Roundcube for years. Reliable and fast. For various reasons I needed to get it working on FreeBSD 13, and for other various reasons I needed to use PHP-8.0. Which meant I had to use Roundcube 1.5-beta.

It works great, with one major exception: images don't display. It smells like a JavaScript problem, but I've tried Chrome, Firefox, and Safari and it behaves the same way in all of them. I'm not very conversant in JavaScript, and this is expert-level code. I couldn't figure it out.

I've spent some time sifting through the forum looking for mentions of similar issues, and haven't seen anything. Has anybody else seen anything similar?

(I have all optional PHP modules included, including php80-gd-8.0.3)

SKaero

Which images aren't showing up? Are there any errors in the Roundcube error log or in the browser's JS console?

bkreid

Whew. It took me a whole week to do my income tax returns. I really ought to outsource it. Next year.

No images are showing.
Thank you for your suggestion that I look at the JS console.
It shows Content Security Policy errors on every image. So I guess I have to figure out how to set a default CSP that will allow the images to show.

bkreid

I give up. I cannot for the life of me figure out how to specify or adjust CSP in Roundcube. Can anyone point me at documentation?

SKaero

The Content Security Policy would be set by the web server (Nginx, Apache, etc.) not Roundcube.

bkreid

Thank you and thank you for your patience with a newbie.
It's no wonder I can't find the information in Roundcube documentation.

bkreid

Well, I've researched this, and I have discovered that the best place to put CSP information for Roundcube is in the .htaccess file for the Roundcube instance. The reason for this is that if you put it in the server itself, the policy applies to all websites, but if you put it into the .htaccess file, then it applies just to this instance of Roundcube.

I put this line in my .htaccess file, and everything works fine now; I can see images.

Header set Content-Security-Policy: "img-src *"

I am running Apache/2.4.46
I didn't have this problem when I used Roundcube with Apache/2.4.25
so I am guessing that some default CSP was tightened up between those two versions. This suggests that the installation scripts for Roundcube 1.5 ought to be aware of CSP issues and put things into .htaccess for you.
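
A simplified model of how a Content-Security-Policy header decides an image load, added here as an example and not taken from the thread, Roundcube or any browser: `img-src` falls back to `default-src`, directive names the browser does not recognise are ignored, and a policy that carries only `img-src` places no restriction on scripts. The policies, origins and URLs are constructed, and the source matching ignores ports and paths.

```javascript
// Added example: simplified model of CSP evaluation for one image load (assumption, not browser code).
// Subset of CSP Level 3 directive names; anything outside it is reported as unknown here.
const KNOWN = new Set(['default-src', 'script-src', 'style-src', 'img-src', 'font-src',
  'connect-src', 'media-src', 'object-src', 'frame-src', 'worker-src', 'base-uri',
  'form-action', 'frame-ancestors', 'report-uri', 'report-to']);

function parsePolicy(header) {
  const directives = new Map();
  const unknown = [];
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!KNOWN.has(key)) { unknown.push(key); continue; } // ignored, so it enforces nothing
    if (!directives.has(key)) directives.set(key, sources); // first occurrence wins
  }
  return { directives, unknown };
}

// Simplified source matching: '*', 'self', 'none', scheme sources and host sources.
function sourceMatches(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (source === "'self'") return url.origin === pageOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/i.exec(source);
  if (!m || (m[1] && m[1].toLowerCase() + ':' !== url.protocol)) return false;
  const host = m[3].toLowerCase();
  return m[2] ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// Reports which directive decided the load, so a blocked image can be traced to its cause.
function checkImage(header, imageUrl, pageOrigin) {
  const { directives, unknown } = parsePolicy(header);
  const governedBy = directives.has('img-src') ? 'img-src'
    : directives.has('default-src') ? 'default-src' : null; // null: images unrestricted
  const url = new URL(imageUrl);
  const allowed = governedBy === null ||
    directives.get(governedBy).some((s) => sourceMatches(s, url, pageOrigin));
  return { allowed, governedBy, unknown,
    scriptsRestricted: directives.has('script-src') || directives.has('default-src') };
}

// Constructed policies, origin and URL, for illustration only.
const page = 'https://mail.example.org', img = 'https://cdn.example.net/logo.png';
for (const p of ["default-src 'self'", 'img-src *', 'image-src *',
  "default-src 'self'; img-src 'self' data: https:"]) console.log(p, '->', checkImage(p, img, page));
```

The last constructed policy keeps a `default-src` baseline while widening only image sources, which is what `scriptsRestricted: true` reflects.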