Questions and discussion about developing processes and programming in PHP, JavaScript, web services & REST API.

Moderators: ArturoRobles, ArturoRobles

Forum rules: Please search to see if a question has already asked before creating a new topic. Please don't post the same question in multiple forums.
By Carlcab
#793376
In Processmaker 3.0.1.8 I cloud load iframes in the dynaforms with no problems. Now that I upgraded to 3.2 the iframes are not loading because of a content security policy violation.

Chrome console error:
"Refused to connect to 'https://example.php' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://*.googleapis.com https://apis.google.com https://maxcdn.bootstrapcdn.com data: blob:". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback."

How can I add the content security policy so that the dynaforms can load the iframes?

Thank you
User avatar
By amosbatto
#793391
According to this post: https://stackoverflow.com/questions/312 ... ecurity-po

You can get around this problem by adding code like the following to the <head> section in the HTML code of the page you are loading in the iframe:
Code: Select all
< meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; 
style-src 'self' 'unsafe-inline'; media-src *;script-src 'self' http://onlineerp.solution.quebec 'unsafe-inline' 'unsafe-eval'; ">

The 500 Internal Server Error is the general catch[…]

Really very nice blog information for this one and[…]

This is a long, lengthy and cumbersome process. T[…]

Great read for when on the road. The book provides[…]