Re: [RCU] Content Security Policy for Roundcube

Thu, 10 Oct 2019 23:03:51 -0700 

Good suggestion.

Unfortunately it still doesn’t work.

In http.conf I put:

<Directory “path/to/sites/roundcube”
        AllowOverride All
</Directory>

But I would always get “.../roundcube/.htaccess: Header not allowed here” 

So commented everything out of roundcube/.htaccess and in http.conf I put:

<Directory "path/to/sites/roundcube">
        AllowOverride All
        #Header unset Content-Security-Policy
        Header always set Content-Security-Policy "default-src 'self' 
'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 
'unsafe-inline' 'self'; form-action 'self'; upgrade-insecure-requests; 
block-all-mixed-content"
</Directory>

But still get:

[Error] Refused to execute a script because its hash, its nonce, or 
'unsafe-inline' appears in neither the script-src directive nor the default-src 
directive of the Content Security Policy. (roundcube, line 17)
[Error] Refused to execute a script because its hash, its nonce, or 
'unsafe-inline' appears in neither the script-src directive nor the default-src 
directive of the Content Security Policy. (roundcube, line 57)

Maddening!

James.

> On 11 Oct 2019, at 12:02 am, @lbutlr <krem...@kreme.com> wrote:
> 
> On Oct 9, 2019, at 11:46 PM, James Brown <jlbr...@bordo.com.au> wrote:
>> I think you could be right Thomas, as whatever I put into the .htaccess file 
>> doesn’t seem to make a difference.
> 
> Sounds like your .htaccess file is not being processed then.
> 
> What is the AllowOverride directive in your http.conf for the roundcube 
> directory or parent directory.
> 
> For example, my roundcube install is in /usr/local/www/roundcube and in 
> http.conf I have 
> 
> <Directory "/usr/local/www”>
>  . . . stuff
>  AllowOverride All
>  . . . stuff
> </Directory>
> 
> 
> 
> -- 
> The thing standing in the way of your dreams is that the person having them is
> *you* https://xkcd.com/1027/
> 
> _______________________________________________
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Reply via email to