Editor source code blocked

Hi, not sure if this is a SCPro issue?

For some reason I now cannot access the source code in the Tiny MCE editor, I just get a blank pop up.

If I use the browser inspect then I get this error message

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-5MzYRGMOVlf2iaw/G4LV6oMUM+nlm6nPUTVoFOgfvdc='), or a nonce ('nonce-...') is required to enable inline execution.

Looking through my .htaccess file I find this:

RewriteRule ^administrator/ - [F]
#### Disable client-side risky behavior in backend static content
<If "%{REQUEST_URI} =~ m#^/administrator/(components|modules|templates|images|plugins)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$#">
    <IfModule mod_headers.c>
        Header always set Content-Security-Policy "default-src 'self'; script-src 'none';"
    </IfModule>

Any idea if this is connected to SCPro? Can't think of any other extension I'm using that would have included that in the .htaccess.

Thanks
 

Hi Chris,

That piece of code is added by admin tools, not by Securitycheck Pro. With my extension you can also configure security headers to protect your site, but this must be done into the .htaccess protection feature, and not "by default" (this is, you have to explicitly include the scripts or does you want to add to each directive). You can get more info here: scpdocs.securitycheckextensions.com/opti...tection/http_headers

Regards,
Jose

Thank you Jose!

I removed Admintools a while back when I renewed my SCPro subscription. Site has been upgraded recently to J4 and seems there was some vestige of Admintools remaining. The editor issue came after a cpanel cron for Admintools executed.

I will remove the code, thanks for the explanation!