Re: [RCU] Content Security Policy for Roundcube

2019-10-10 Thread James Brown
Good suggestion.

Unfortunately it still doesn’t work.

In http.conf I put:



But I would always get “.../roundcube/.htaccess: Header not allowed here” 

So I commented everything out of roundcube/.htaccess and in http.conf I put:


AllowOverride All
#Header unset Content-Security-Policy
Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content"


But I still get:

[Error] Refused to execute a script because its hash, its nonce, or 
'unsafe-inline' appears in neither the script-src directive nor the default-src 
directive of the Content Security Policy. (roundcube, line 17)
[Error] Refused to execute a script because its hash, its nonce, or 
'unsafe-inline' appears in neither the script-src directive nor the default-src 
directive of the Content Security Policy. (roundcube, line 57)

Maddening!

James.

> On 11 Oct 2019, at 12:02 am, @lbutlr  wrote:
> 
> On Oct 9, 2019, at 11:46 PM, James Brown  wrote:
>> I think you could be right Thomas, as whatever I put into the .htaccess file 
>> doesn’t seem to make a difference.
> 
> Sounds like your .htaccess file is not being processed then.
> 
> What is the AllowOverride directive in your http.conf for the roundcube 
> directory or parent directory?
> 
> For example, my roundcube install is in /usr/local/www/roundcube and in 
> http.conf I have 
> 
> 
>  . . . stuff
>  AllowOverride All
>  . . . stuff
> 
> 
> 
> 
> -- 
> The thing standing in the way of your dreams is that the person having them is
> *you* https://xkcd.com/1027/
> 
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users




___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users
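
Added example (not part of the thread or of Roundcube's code): a check to run over the Content-Security-Policy values the server actually returns. Browsers enforce every policy delivered with a response, so an inline script runs only if each one permits it, and the console error quoted above describes a policy whose script-src and default-src lack 'unsafe-inline'. The second header value below is constructed for illustration and is an assumption, not something reported in the thread; the function names are hypothetical.

```python
import re

# A nonce or hash source makes browsers ignore 'unsafe-inline' in that directive.
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)", re.I)

def parse_policy(policy):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def inline_script_allowed(policy):
    """True if this one policy lets an inline <script> without nonce/hash run."""
    directives = parse_policy(policy)
    # Fallback chain for script elements; only the first directive found applies.
    for name in ("script-src-elem", "script-src", "default-src"):
        if name in directives:
            sources = [s.lower() for s in directives[name]]
            if "'strict-dynamic'" in sources:
                return False
            if any(NONCE_OR_HASH.match(s) for s in sources):
                return False
            return "'unsafe-inline'" in sources
    return True  # no governing directive, so scripts are not restricted

def blocking_policies(header_values):
    """List every delivered policy that refuses inline scripts.

    One header value may carry several comma-separated policies.
    """
    policies = [p.strip() for v in header_values for p in v.split(",")]
    return [p for p in policies if p and not inline_script_allowed(p)]

# The policy posted in the message above.
POSTED_POLICY = ("default-src 'self' 'unsafe-inline'; "
                 "script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
                 "style-src 'unsafe-inline' 'self'; form-action 'self'; "
                 "upgrade-insecure-requests; block-all-mixed-content")
# Constructed second header (assumption): e.g. set by another config layer.
CONSTRUCTED_SECOND = "default-src 'self'"

if __name__ == "__main__":
    for policy in blocking_policies([POSTED_POLICY, CONSTRUCTED_SECOND]):
        print("blocks inline scripts:", policy)
```

Feed it the Content-Security-Policy values copied from the browser's network panel for the Roundcube page; any policy it lists is one that produces the "Refused to execute a script" error.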

Re: [RCU] Content Security Policy for Roundcube

2019-10-10 Thread @lbutlr
On Oct 9, 2019, at 11:46 PM, James Brown  wrote:
> I think you could be right Thomas, as whatever I put into the .htaccess file 
> doesn’t seem to make a difference.

Sounds like your .htaccess file is not being processed then.

What is the AllowOverride directive in your http.conf for the roundcube 
directory or parent directory?

For example, my roundcube install is in /usr/local/www/roundcube and in 
http.conf I have 


  . . . stuff
  AllowOverride All
  . . . stuff




-- 
The thing standing in the way of your dreams is that the person having them is
*you* https://xkcd.com/1027/
