Page 1 of 1

iframes in Dynaforms Processmaker 3.2

Posted: Thu Jun 22, 2017 11:28 am
by Carlcab
In Processmaker 3.0.1.8 I cloud load iframes in the dynaforms with no problems. Now that I upgraded to 3.2 the iframes are not loading because of a content security policy violation.

Chrome console error:
"Refused to connect to 'https://example.php' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://*.googleapis.com https://apis.google.com https://maxcdn.bootstrapcdn.com data: blob:". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback."

How can I add the content security policy so that the dynaforms can load the iframes?

Thank you

Re: iframes in Dynaforms Processmaker 3.2

Posted: Thu Jun 22, 2017 9:16 pm
by amosbatto
According to this post: https://stackoverflow.com/questions/312 ... ecurity-po

You can get around this problem by adding code like the following to the <head> section in the HTML code of the page you are loading in the iframe:
Code: Select all
< meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; 
style-src 'self' 'unsafe-inline'; media-src *;script-src 'self' http://onlineerp.solution.quebec 'unsafe-inline' 'unsafe-eval'; ">