Op vrijdag 11 oktober 2024 13:12:45 CEST schreef u: > Op vrijdag 11 oktober 2024 04:39:30 CEST schreef Yehuda Katz: > > This does sound like a client-side issue (as others have mentioned), > > > > especially since you said it works on http://localhost/. I can give you a > > concrete suggestion: Check the browser console for errors/notices. In most > > browsers (I personally know about Chrome, Edge, Firefox on Windows) you > > can > > hit the F12 key on the keyboard, then go to the Console tab. Any error the > > browser encounters in loading or rendering the page will be shown there. > > > > - Y > > Many thanks, this puts me on the path to a solution. I need to change the > Content-Security-Policy of that server. Is currently for that vhost: > > Header always set Content-Security-Policy "default-src 'self'; script-src > 'self'; connect-src 'self'; img-src 'self'; style-src *;base-uri > 'self';form- action 'self';frame-ancestors 'self'" > > However the errors I see are that 'self' does not allow setting > style-src-attr when the source is background: #990099 or margin-bottom: > 0cm; line-height: 100% > > Instead of 'self' I tried the name of the server which is shown in the error > message as https://<server_name>. > > Also * instead of 'self' did not work. I analyzed it a bit further and it seems to have to do with style elements in the header (CSS) which are not in the body of a html page. In that case "default-src 'self'" is not enough, it needs to be "default-src 'self' 'unsafe-inline'". -- fr.gr. Freek de Kruijf --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|