Nella Header della response trovo: Content-Security-Policy: default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' Content-Security-Policy-Report-Only: default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
Quindi il "problema" risiede nella configurazione del virtualhost del tuo server Nginx. Vai a vedere il config, troverai questi parametri settati (oppure ereditati da un file di configurazione superiore). Hai due strade: - li elimini proprio e torni a servire il sito "come facevi prima" - oppure ti studi per bene https://developer.mozilla.org/ en-US/docs/Web/HTTP/CSP e capisci qual è la configurazione a te più congeniale Vito Il giorno 12 gennaio 2018 10:46, Giampiero Lago <l...@tigem.it> ha scritto: > Il sito è http://www.tigem.it > > Grazie > Giampiero > > > On 12/01/2018 10:42, Vito Falco wrote: > > Ciao Giampiero, > il problema risiede o nelle direttive che hai nei meta dell'head delle tue > pagine Plone oppure di specifiche direttive al webserver che metti davanti > a Plone (Nginx, Apache, etc) > > Controlla se hai nella source della tua pagina il meta > "Content-Security-Policy" oppure, se qui non c'è, se viene posto > nell'Header della response. > Puoi controllare anche questo tramite il tab Network della console di > debug del browser. > > Se il sito è pubblico, manda link che vediamo. > > Vito > > 2018-01-12 10:21 GMT+01:00 Giampiero Lago <l...@tigem.it>: > >> Effettivamente aprendo la consolole con Chrome mi compare: >> >> (con un portlet embed di video YouTube) >> >> The Content Security Policy 'default-src 'self'; img-src *; style-src >> 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'' >> was delivered in report-only mode, but does not specify a 'report-uri'; the >> policy will have no effect. Please either add a 'report-uri' directive, or >> deliver the policy via the 'Content-Security-Policy' header. >> resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392 >> [Report Only] Refused to load the font 'https:' because it violates the >> following Content Security Policy directive: "default-src 'self'". Note >> that 'font-src' was not explicitly set, so 'default-src' is used as a >> fallback. >> >> (anonymous) @ resourceplone.app.jquery-cache >> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392 >> v @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3e >> f7d491.js:392 >> (anonymous) @ resourceplone.app.jquery-cache >> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392 >> (anonymous) @ resourceplone.app.jquery-cache >> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392 >> (anonymous) @ resourceplone.app.jquery-cache >> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392 >> (index):8 [Report Only] Refused to load the stylesheet ' >> http://fonts.googleapis.com/css?family=Raleway:400,100,200, >> 300,500,600,700,800,900' because it violates the following Content >> Security Policy directive: "style-src 'self' 'unsafe-inline'". >> >> (index):8 Refused to load the stylesheet 'http://fonts.googleapis.com/c >> ss?family=Raleway:400,100,200,300,500,600,700,800,900' because it >> violates the following Content Security Policy directive: "style-src 'self' >> 'unsafe-inline'". >> >> (index):1205 Unrecognized feature: 'autoplay'. >> (index):1205 [Report Only] Refused to frame 'https://www.youtube.com/' >> because it violates the following Content Security Policy directive: >> "default-src 'self'". Note that 'frame-src' was not explicitly set, so >> 'default-src' is used as a fallback. >> >> (index):1205 Refused to frame 'https://www.youtube.com/' because it >> violates the following Content Security Policy directive: "default-src >> 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is >> used as a fallback. >> >> (con una pagina con un embed di mappa Google Maps) >> >> [Report Only] Refused to load the font 'https:' because it violates the >> following Content Security Policy directive: "default-src 'self'". Note >> that 'font-src' was not explicitly set, so 'default-src' is used as a >> fallback. >> >> (anonymous) @ resourceplone.app.jquery-cache >> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392 >> v @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3e >> f7d491.js:392 >> (anonymous) @ resourceplone.app.jquery-cache >> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392 >> (anonymous) @ resourceplone.app.jquery-cache >> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392 >> (anonymous) @ resourceplone.app.jquery-cache >> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392 >> location-2:8 [Report Only] Refused to load the stylesheet ' >> http://fonts.googleapis.com/css?family=Raleway:400,100,200, >> 300,500,600,700,800,900' because it violates the following Content >> Security Policy directive: "style-src 'self' 'unsafe-inline'". >> >> location-2:8 Refused to load the stylesheet ' >> http://fonts.googleapis.com/css?family=Raleway:400,100,200, >> 300,500,600,700,800,900' because it violates the following Content >> Security Policy directive: "style-src 'self' 'unsafe-inline'". >> >> location-2:252 [Report Only] Refused to frame 'https://www.google.com/' >> because it violates the following Content Security Policy directive: >> "default-src 'self'". Note that 'frame-src' was not explicitly set, so >> 'default-src' is used as a fallback. >> >> location-2:252 Refused to frame 'https://www.google.com/' because it >> violates the following Content Security Policy directive: "default-src >> 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is >> used as a fallback. >> >> ed è una cosa che mi è capitata anche con un altro sito PHP che avevo >> (risolto scaricando i css e js in locale e togliendo i riferimenti >> http:// nel tag <script> e <style>) >> >> ma come faccio a risolverlo in Plone ???? >> >> Grazie Mille >> >> >> On 11/01/2018 17:32, Vito Falco wrote: >> >> Ciao, >> guarda la console di debug... non è che hai un sito web che ora serve in >> https e cerca di includere iframe serviti in http? >> >> Vito >> >> Il giorno 11 gennaio 2018 17:22, Giampiero Lago <l...@tigem.it> ha >> scritto: >> >>> Salve ragazzi, >>> >>> ho un problema sul mio sito plone 4; improvvisamente tutti gli iframe >>> (benché io abbia abilitato l'iframe con tag html e benché fino ad ieri >>> funzionasse tutto) sono vuoti; quindi tutti i video Youtube con >>> collective.portlet.embed e tutte le mappe gmaps sono sparite. >>> Se vado nella sorgente della pagina (con firebug per esempio) c'è tutto >>> ma è come se non fosse renderizzato. >>> Il tutto è successo all'improvviso dopo anni di funzionamento... >>> Ho riavviato l'istanza e il buidolut ma niente... >>> >>> la mia configurazione: >>> >>> >>> - Plone 4.3.2 (4307) >>> >>> >>> - CMF 2.2.7 >>> >>> >>> - Zope 2.13.21 >>> >>> >>> - Python 2.7.3 (default, Jan 2 2013, 13:56:14) [GCC 4.7.2] >>> >>> >>> - PIL 1.7.8 (Pillow) >>> >>> Grazie Mille >>> >>> Giampiero >>> >>> -- >>> Giampiero Lago >>> Web Area Manager - IT Core >>> TIGEM (Telethon Institute of Genetics and Medicine) >>> Via Campi Flegrei, 34 >>> 80078 - POZZUOLI (NA) >>> >>> Direct Phone: +39 081 19230637 <+39%20081%201923%200637> >>> Secretariat Phone: +39 081 19230600 <+39%20081%201923%200600> >>> Fax: +39 081 19230651 <+39%20081%201923%200651> >>> E-mail: l...@tigem.it >>> Website: http://www.tigem.it >>> >>> >>> _______________________________________________ >>> Plone-IT mailing list >>> plone...@lists.plone.org >>> https://lists.plone.org/mailman/listinfo/plone-plone-it >>> http://plone-regional-forums.221720.n2.nabble.com/Plone-Ital >>> y-f221721.html >>> >>> >> >> >> -- >> *Vito Falco* >> Developer & UI designer | Freelance >> Bari, IT >> Linkedin it.linkedin.com/in/vitofalco >> >> >> _______________________________________________ >> Plone-IT mailing >> listPlone-IT@lists.plone.orghttps://lists.plone.org/mailman/listinfo/plone-plone-ithttp://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html >> >> >> >> -- >> Giampiero Lago >> Web Area Manager - IT Core >> TIGEM (Telethon Institute of Genetics and Medicine) >> Via Campi Flegrei, 34 >> 80078 - POZZUOLI (NA) >> >> Direct Phone: +39 081 19230637 <+39%20081%201923%200637> >> Secretariat Phone: +39 081 19230600 <+39%20081%201923%200600> >> Fax: +39 081 19230651 <+39%20081%201923%200651> >> E-mail: l...@tigem.it >> Website: http://www.tigem.it >> >> >> _______________________________________________ >> Plone-IT mailing list >> plone...@lists.plone.org >> https://lists.plone.org/mailman/listinfo/plone-plone-it >> http://plone-regional-forums.221720.n2.nabble.com/Plone-Ital >> y-f221721.html >> >> > > > -- > *Vito Falco* > Developer & UI designer | Freelance > Bari, IT > Linkedin it.linkedin.com/in/vitofalco > > > _______________________________________________ > Plone-IT mailing > listPlone-IT@lists.plone.orghttps://lists.plone.org/mailman/listinfo/plone-plone-ithttp://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html > > > > -- > Giampiero Lago > Web Area Manager - IT Core > TIGEM (Telethon Institute of Genetics and Medicine) > Via Campi Flegrei, 34 > 80078 - POZZUOLI (NA) > > Direct Phone: +39 081 19230637 <+39%20081%201923%200637> > Secretariat Phone: +39 081 19230600 <+39%20081%201923%200600> > Fax: +39 081 19230651 <+39%20081%201923%200651> > E-mail: l...@tigem.it > Website: http://www.tigem.it > > > _______________________________________________ > Plone-IT mailing list > plone...@lists.plone.org > https://lists.plone.org/mailman/listinfo/plone-plone-it > http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html > > -- *Vito Falco* Developer & UI designer | Freelance Bari, IT Linkedin it.linkedin.com/in/vitofalco
_______________________________________________ Plone-IT mailing list plone...@lists.plone.org https://lists.plone.org/mailman/listinfo/plone-plone-it http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html