- Posts: 137
- Thank you received: 4
Editor source code blocked
- chrishall57
- Topic Author
- Offline
- Premium Member
-
For some reason I now cannot access the source code in the Tiny MCE editor, I just get a blank pop up.
If I use the browser inspect then I get this error message
Looking through my .htaccess file I find this:Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-5MzYRGMOVlf2iaw/G4LV6oMUM+nlm6nPUTVoFOgfvdc='), or a nonce ('nonce-...') is required to enable inline execution.
RewriteRule ^administrator/ - [F]
#### Disable client-side risky behavior in backend static content
<If "%{REQUEST_URI} =~ m#^/administrator/(components|modules|templates|images|plugins)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$#">
<IfModule mod_headers.c>
Header always set Content-Security-Policy "default-src 'self'; script-src 'none';"
</IfModule>
Any idea if this is connected to SCPro? Can't think of any other extension I'm using that would have included that in the .htaccess.
Thanks
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Administrator
-
- Posts: 4857
- Thank you received: 366
That piece of code is added by admin tools, not by Securitycheck Pro. With my extension you can also configure security headers to protect your site, but this must be done into the .htaccess protection feature, and not "by default" (this is, you have to explicitly include the scripts or does you want to add to each directive). You can get more info here: scpdocs.securitycheckextensions.com/opti...tection/http_headers
Regards,
Jose
Please Log in or Create an account to join the conversation.
- chrishall57
- Topic Author
- Offline
- Premium Member
-
- Posts: 137
- Thank you received: 4
I removed Admintools a while back when I renewed my SCPro subscription. Site has been upgraded recently to J4 and seems there was some vestige of Admintools remaining. The editor issue came after a cpanel cron for Admintools executed.
I will remove the code, thanks for the explanation!
Please Log in or Create an account to join the conversation.
This site is not affiliated with or endorsed by the Joomla! Project. It is not supported or warranted by the Joomla! Project or Open Source Matters. The Joomla! logo is used under a limited license granted by Open Source Matters, the trademark holder in the United States and other countries.
We may collect your IP address and your browser's User Agent string while using our site for security reasons. This information is retained only until we check you're not trying to hack our website.