iframes in Dynaforms Processmaker 3.2

Forum rules: Please search to see if a question has already asked before creating a new topic. Please don't post the same question in multiple forums.

2 posts
First unread post

2 posts

iframes in Dynaforms Processmaker 3.2#793376

By Carlcab - Thu Jun 22, 2017 11:28 am

- Thu Jun 22, 2017 11:28 am #793376

In Processmaker 3.0.1.8 I cloud load iframes in the dynaforms with no problems. Now that I upgraded to 3.2 the iframes are not loading because of a content security policy violation.

Chrome console error:
"Refused to connect to 'https://example.php' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://*.googleapis.com https://apis.google.com https://maxcdn.bootstrapcdn.com data: blob:". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback."

How can I add the content security policy so that the dynaforms can load the iframes?

Thank you

Re: iframes in Dynaforms Processmaker 3.2#793391

By amosbatto - Thu Jun 22, 2017 9:16 pm

- Thu Jun 22, 2017 9:16 pm #793391

According to this post: https://stackoverflow.com/questions/312 ... ecurity-po

You can get around this problem by adding code like the following to the <head> section in the HTML code of the page you are loading in the iframe:

Code: Select all

< meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; 
style-src 'self' 'unsafe-inline'; media-src *;script-src 'self' http://onlineerp.solution.quebec 'unsafe-inline' 'unsafe-eval'; ">