Re: [Plone-IT] iframes suddenly empty

2018-01-12 Thread Vito Falco
Yes, of course,
it is in the Nginx configuration directives. In the config file where you write
the rewrite rules, those values will be there "by default".

Vito

On 12 January 2018 14:27, Giampiero Lago wrote:

> Vito,
>
> I noticed something; it must definitely be something at the nginx level, or
> in any case the reverse proxy, because if I access it via the internal address
> (http://192.168.3.19:8110/tigem) it shows me everything.
>
> Thanks
>
> Giampiero
>
>
> On 12/01/2018 10:49, Vito Falco wrote:
>
> In the response header I find:
>
> Content-Security-Policy:
> default-src 'self'; img-src *; style-src 'self' 'unsafe-inline';
> script-src 'self' 'unsafe-inline' 'unsafe-eval'
> Content-Security-Policy-Report-Only:
> default-src 'self'; img-src *; style-src 'self' 'unsafe-inline';
> script-src 'self' 'unsafe-inline' 'unsafe-eval'
>
> So the "problem" lies in the virtualhost configuration of your
> Nginx server.
> Go and look at the config; you will find these parameters set (or
> inherited from a higher-level configuration file).
>
> You have two options:
> - remove them entirely and go back to serving the site "as you did before"
> - or study https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
> carefully and work out which configuration suits you best
>
> Vito

Re: [Plone-IT] iframes suddenly empty

2018-01-12 Thread Giampiero Lago

Vito,

I noticed something; it must definitely be something at the nginx level,
or in any case the reverse proxy, because if I access it via the internal address
(http://192.168.3.19:8110/tigem) it shows me everything.


Thanks

Giampiero

Re: [Plone-IT] iframes suddenly empty

2018-01-12 Thread Giampiero Lago

The site is http://www.tigem.it

Thanks
Giampiero

Re: [Plone-IT] iframes suddenly empty

2018-01-12 Thread Vito Falco
Btw
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP


Re: [Plone-IT] iframes suddenly empty

2018-01-12 Thread Vito Falco
Hi Giampiero,
the problem lies either in the directives you have in the meta tags in the head of your
Plone pages, or in specific directives on the web server you put in front
of Plone (Nginx, Apache, etc.)

Check whether your page source contains the
"Content-Security-Policy" meta tag or, if it is not there, whether it is set
in the response header.
You can check this too via the Network tab of the browser's debug
console.

If the site is public, send the link and we'll take a look.

Vito

Re: [Plone-IT] iframes suddenly empty

2018-01-12 Thread Giampiero Lago

Indeed, when I open the console in Chrome I get:

(with a YouTube video embed portlet)

The Content Security Policy 'default-src 'self'; img-src *; style-src 
'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'' 
was delivered in report-only mode, but does not specify a 'report-uri'; 
the policy will have no effect. Please either add a 'report-uri' 
directive, or deliver the policy via the 'Content-Security-Policy' header.
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392 
[Report Only] Refused to load the font 'https:' because it violates the 
following Content Security Policy directive: "default-src 'self'". Note 
that 'font-src' was not explicitly set, so 'default-src' is used as a 
fallback.


(anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
v @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(index):8 [Report Only] Refused to load the stylesheet 
'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900' 
because it violates the following Content Security Policy directive: 
"style-src 'self' 'unsafe-inline'".


(index):8 Refused to load the stylesheet 
'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900' 
because it violates the following Content Security Policy directive: 
"style-src 'self' 'unsafe-inline'".


(index):1205 Unrecognized feature: 'autoplay'.
(index):1205 [Report Only] Refused to frame 'https://www.youtube.com/' 
because it violates the following Content Security Policy directive: 
"default-src 'self'". Note that 'frame-src' was not explicitly set, so 
'default-src' is used as a fallback.


(index):1205 Refused to frame 'https://www.youtube.com/' because it 
violates the following Content Security Policy directive: "default-src 
'self'". Note that 'frame-src' was not explicitly set, so 'default-src' 
is used as a fallback.


(with a page with a Google Maps embed)

[Report Only] Refused to load the font 'https:' because it violates the 
following Content Security Policy directive: "default-src 'self'". Note 
that 'font-src' was not explicitly set, so 'default-src' is used as a 
fallback.


(anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
v @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
location-2:8 [Report Only] Refused to load the stylesheet 
'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900' 
because it violates the following Content Security Policy directive: 
"style-src 'self' 'unsafe-inline'".


location-2:8 Refused to load the stylesheet 
'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900' 
because it violates the following Content Security Policy directive: 
"style-src 'self' 'unsafe-inline'".


location-2:252 [Report Only] Refused to frame 'https://www.google.com/' 
because it violates the following Content Security Policy directive: 
"default-src 'self'". Note that 'frame-src' was not explicitly set, so 
'default-src' is used as a fallback.


location-2:252 Refused to frame 'https://www.google.com/' because it 
violates the following Content Security Policy directive: "default-src 
'self'". Note that 'frame-src' was not explicitly set, so 'default-src' 
is used as a fallback.


and it is something that also happened to me with another PHP site I had
(solved by downloading the css and js locally and removing the http://
references in the tag 
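
The refusals in the console output above follow from directive fallback and source-list matching, and can be reproduced offline. The following is an added example, not part of the original thread: the matcher is simplified (ports, paths, nonces and hashes are ignored), and the ADJUSTED policy is a hypothetical starting point, not the site's actual configuration.

```javascript
// Added example: simplified CSP check (ports, paths, nonces and hashes are ignored).
const SELF = "http://www.tigem.it"; // site named in the thread

// Policy quoted in the console output and in the response headers.
const DEPLOYED =
  "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; " +
  "script-src 'self' 'unsafe-inline' 'unsafe-eval'";

// Hypothetical adjustment (assumption): list the embedded origins explicitly.
const ADJUSTED =
  "default-src 'self'; img-src *; " +
  "style-src 'self' 'unsafe-inline' http://fonts.googleapis.com; " +
  "script-src 'self' 'unsafe-inline' 'unsafe-eval'; " +
  "frame-src https://www.youtube.com https://www.google.com";

// Resources the browser refused, taken from the console messages.
const RESOURCES = [
  ["frame-src", "https://www.youtube.com/"],
  ["frame-src", "https://www.google.com/"],
  ["style-src", "http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900"],
];

// Parse "name src src; name src" into a Map of directive -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Order in which directives are consulted for a resource type.
function fallbackChain(type) {
  return type === "frame-src"
    ? ["frame-src", "child-src", "default-src"]
    : [type, "default-src"];
}

// A source scheme of http: also admits https: (upgrade), never the reverse.
function schemeOk(allowed, actual) {
  return actual === allowed || (allowed === "http:" && actual === "https:");
}

function sourceMatches(source, url, selfOrigin) {
  const self = new URL(selfOrigin);
  if (source === "*") return url.protocol === "http:" || url.protocol === "https:";
  if (source === "'self'") return url.origin === self.origin;
  if (source.startsWith("'")) return false; // 'none', 'unsafe-inline', ... match no URL
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  // host-source: [scheme://]host, where host may start with "*."
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const scheme = m[1] ? m[1].toLowerCase() + ":" : self.protocol;
  const host = m[2].toLowerCase();
  const hostOk = host.startsWith("*.")
    ? url.hostname.endsWith(host.slice(1))
    : url.hostname === host;
  return hostOk && schemeOk(scheme, url.protocol);
}

// Decide whether a resource loads and name the directive that decided it.
function check(policy, selfOrigin, type, resourceUrl) {
  const directives = parsePolicy(policy);
  const governing = fallbackChain(type).find((d) => directives.has(d)) || null;
  if (governing === null) return { allowed: true, directive: null };
  const url = new URL(resourceUrl);
  const allowed = directives
    .get(governing)
    .some((s) => sourceMatches(s, url, selfOrigin));
  return { allowed, directive: governing };
}

// Evaluate every refused resource from the thread against one policy.
function report(policy) {
  return RESOURCES.map(([type, url]) => ({ type, url, ...check(policy, SELF, type, url) }));
}

console.log("deployed:", report(DEPLOYED));
console.log("adjusted:", report(ADJUSTED));
```

With the deployed policy both frames are decided by `default-src` because no `frame-src` is present, which is the fallback the browser messages describe.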

Re: [Plone-IT] iframes suddenly empty

2018-01-11 Thread Fulvio Casali
Which browser version are you using?
Chrome version 64 introduces various measures to block "abusive"
iframes, but it should not touch "legitimate" ones.

___
Plone-IT mailing list
plone...@lists.plone.org
https://lists.plone.org/mailman/listinfo/plone-plone-it
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html


[Plone-IT] iframes suddenly empty

2018-01-11 Thread Giampiero Lago

Hi everyone,

I have a problem on my Plone 4 site; suddenly all the iframes
(even though I have enabled iframes among the HTML tags and even though everything
worked until yesterday) are empty; so all the YouTube videos with
collective.portlet.embed and all the gmaps maps have disappeared.
If I look at the page source (with Firebug, for example) everything is there,
but it is as if it were not rendered.

It all happened suddenly after years of working...
I restarted the instance and the buildout but nothing...

my configuration:

 * Plone 4.3.2 (4307)
 * CMF 2.2.7
 * Zope 2.13.21
 * Python 2.7.3 (default, Jan 2 2013, 13:56:14) [GCC 4.7.2]
 * PIL 1.7.8 (Pillow)

Many thanks

Giampiero

--
Giampiero Lago
Web Area Manager - IT Core
TIGEM (Telethon Institute of Genetics and Medicine)
Via Campi Flegrei, 34
80078 - POZZUOLI (NA)

Direct Phone:       +39 081 19230637
Secretariat Phone:  +39 081 19230600
Fax:                +39 081 19230651
E-mail:             l...@tigem.it
Website:            http://www.tigem.it
