Editor source code blocked

  • chrishall57
  • Topic Author
  • Offline
  • Premium Member
  • Premium Member
More
8 months 1 week ago #9450 by chrishall57
Editor source code blocked was created by chrishall57
Hi, not sure if this is a SCPro issue?

For some reason I now cannot access the source code in the Tiny MCE editor, I just get a blank pop up.

If I use the browser inspect then I get this error message

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-5MzYRGMOVlf2iaw/G4LV6oMUM+nlm6nPUTVoFOgfvdc='), or a nonce ('nonce-...') is required to enable inline execution.

Looking through my .htaccess file I find this:

RewriteRule ^administrator/ - [F]
#### Disable client-side risky behavior in backend static content
<If "%{REQUEST_URI} =~ m#^/administrator/(components|modules|templates|images|plugins)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$#">
    <IfModule mod_headers.c>
        Header always set Content-Security-Policy "default-src 'self'; script-src 'none';"
    </IfModule>


Any idea if this is connected to SCPro? Can't think of any other extension I'm using that would have included that in the .htaccess.

Thanks
 

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #9452 by Jose
Replied by Jose on topic Editor source code blocked
Hi Chris,

That piece of code is added by admin tools, not by Securitycheck Pro. With my extension you can also configure security headers to protect your site, but this must be done into the .htaccess protection feature, and not "by default" (this is, you have to explicitly include the scripts or does you want to add to each directive). You can get more info here: scpdocs.securitycheckextensions.com/opti...tection/http_headers

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • chrishall57
  • Topic Author
  • Offline
  • Premium Member
  • Premium Member
More
8 months 1 week ago #9455 by chrishall57
Replied by chrishall57 on topic Editor source code blocked
Thank you Jose!

I removed Admintools a while back when I renewed my SCPro subscription. Site has been upgraded recently to J4 and seems there was some vestige of Admintools remaining. The editor issue came after a cpanel cron for Admintools executed.

I will remove the code, thanks for the explanation!

Please Log in or Create an account to join the conversation.

Time to create page: 0.137 seconds