Questions and discussion about developing processes and programming in PHP, JavaScript, web services & REST API.

Moderators: ArturoRobles, ArturoRobles

Forum rules: Please search to see if a question has already asked before creating a new topic. Please don't post the same question in multiple forums.
By Carlcab
In Processmaker I cloud load iframes in the dynaforms with no problems. Now that I upgraded to 3.2 the iframes are not loading because of a content security policy violation.

Chrome console error:
"Refused to connect to 'https://example.php' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback."

How can I add the content security policy so that the dynaforms can load the iframes?

Thank you
User avatar
By amosbatto
According to this post: ... ecurity-po

You can get around this problem by adding code like the following to the <head> section in the HTML code of the page you are loading in the iframe:
Code: Select all
< meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: 'unsafe-eval'; 
style-src 'self' 'unsafe-inline'; media-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval'; ">

I have a suggest where user have to select some do[…]

The 500 Internal Server Error is the general catch[…]

Really very nice blog information for this one and[…]

This is a long, lengthy and cumbersome process. T[…]