Vito,

I noticed something: it must surely be something at the nginx level, or in any case at the reverse proxy, because if I access the site via the internal address (http://192.168.3.19:8110/tigem) it shows me everything.

Thanks

Giampiero

On 12/01/2018 10:49, Vito Falco wrote:
In the response header I find:

Content-Security-Policy:
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
Content-Security-Policy-Report-Only:
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'

So the "problem" lies in the virtual host configuration of your Nginx server. Go and look at the config; you will find these parameters set (or inherited from a higher-level configuration file).

You have two options:
- you remove them altogether and go back to serving the site "the way you did before"
- or you study https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP carefully and work out which configuration suits you best

Vito



On 12 January 2018 10:46, Giampiero Lago <l...@tigem.it> wrote:

    The site is http://www.tigem.it

    Thanks
    Giampiero


    On 12/01/2018 10:42, Vito Falco wrote:
    Hi Giampiero,
    the problem lies either in the directives you have in the meta tags
    in the head of your Plone pages, or in specific directives on the
    web server you put in front of Plone (Nginx, Apache, etc.)

    Check whether the source of your page contains the
    "Content-Security-Policy" meta or, if it is not there, whether it
    is set in the response header.
    You can also check this via the Network tab of the browser's
    debug console.

    If the site is public, send the link and we'll take a look.

    Vito

    2018-01-12 10:21 GMT+01:00 Giampiero Lago <l...@tigem.it>:

        Indeed, opening the console with Chrome I get:

        (with a YouTube video embed portlet)

        The Content Security Policy 'default-src 'self'; img-src *;
        style-src 'self' 'unsafe-inline'; script-src 'self'
        'unsafe-inline' 'unsafe-eval'' was delivered in report-only
        mode, but does not specify a 'report-uri'; the policy will
        have no effect. Please either add a 'report-uri' directive,
        or deliver the policy via the 'Content-Security-Policy' header.
        
        resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
        [Report Only] Refused to load the font 'https:' because it
        violates the following Content Security Policy directive:
        "default-src 'self'". Note that 'font-src' was not explicitly
        set, so 'default-src' is used as a fallback.

        (anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
        v @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
        (anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
        (anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
        (anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392

        (index):8 [Report Only] Refused to load the stylesheet
        'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900'
        because it violates the following Content Security Policy
        directive: "style-src 'self' 'unsafe-inline'".

        (index):8 Refused to load the stylesheet
        'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900'
        because it violates the following Content Security Policy
        directive: "style-src 'self' 'unsafe-inline'".

        (index):1205 Unrecognized feature: 'autoplay'.
        (index):1205 [Report Only] Refused to frame
        'https://www.youtube.com/' because it violates the following
        Content Security Policy directive: "default-src 'self'". Note
        that 'frame-src' was not explicitly set, so 'default-src' is
        used as a fallback.

        (index):1205 Refused to frame 'https://www.youtube.com/'
        because it violates the following Content Security Policy
        directive: "default-src 'self'". Note that 'frame-src' was
        not explicitly set, so 'default-src' is used as a fallback.

        (with a page containing a Google Maps map embed)

        [Report Only] Refused to load the font 'https:' because it
        violates the following Content Security Policy directive:
        "default-src 'self'". Note that 'font-src' was not explicitly
        set, so 'default-src' is used as a fallback.

        (anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
        v @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
        (anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
        (anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
        (anonymous) @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392

        location-2:8 [Report Only] Refused to load the stylesheet
        'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900'
        because it violates the following Content Security Policy
        directive: "style-src 'self' 'unsafe-inline'".

        location-2:8 Refused to load the stylesheet
        'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900'
        because it violates the following Content Security Policy
        directive: "style-src 'self' 'unsafe-inline'".

        location-2:252 [Report Only] Refused to frame
        'https://www.google.com/' because it violates the following
        Content Security Policy directive: "default-src 'self'". Note
        that 'frame-src' was not explicitly set, so 'default-src' is
        used as a fallback.

        location-2:252 Refused to frame 'https://www.google.com/'
        because it violates the following Content Security Policy
        directive: "default-src 'self'". Note that 'frame-src' was
        not explicitly set, so 'default-src' is used as a fallback.

        and it is something that also happened to me with another PHP
        site I had (solved by downloading the css and js locally and
        removing the http:// references in the <script> and <style> tags)

        but how do I solve it in Plone ????

        Many thanks


        On 11/01/2018 17:32, Vito Falco wrote:
        Hi,
        look at the debug console... could it be that you have a website
        that now serves over https and tries to include iframes served over http?

        Vito

        On 11 January 2018 17:22, Giampiero Lago
        <l...@tigem.it> wrote:

            Hi guys,

            I have a problem on my Plone 4 site; suddenly all the
            iframes (even though I have enabled the iframe HTML tag
            and even though everything worked until yesterday) are
            empty; so all the YouTube videos with
            collective.portlet.embed and all the gmaps maps have
            disappeared.
            If I look at the page source (with Firebug, for
            example) everything is there, but it is as if it were not rendered.
            It all happened suddenly after years of
            working...
            I restarted the instance and the buildout but nothing...

            my configuration:

              * Plone 4.3.2 (4307)

              * CMF 2.2.7

              * Zope 2.13.21

              * Python 2.7.3 (default, Jan 2 2013, 13:56:14) [GCC 4.7.2]

              * PIL 1.7.8 (Pillow)

            Many thanks

            Giampiero

            --
            Giampiero Lago
            Web Area Manager - IT Core
            TIGEM (Telethon Institute of Genetics and Medicine)
            Via Campi Flegrei, 34
            80078 - POZZUOLI (NA)

            Direct Phone:       +39 081 19230637
            Secretariat Phone:  +39 081 19230600
            Fax:                +39 081 19230651
            E-mail:             l...@tigem.it
            Website:            http://www.tigem.it


            _______________________________________________
            Plone-IT mailing list
            plone...@lists.plone.org
            https://lists.plone.org/mailman/listinfo/plone-plone-it
            http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html




        --
        *Vito Falco*
        Developer & UI designer | Freelance
        Bari, IT
        Linkedin it.linkedin.com/in/vitofalco


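The blocking reported in the console output quoted in this thread, as an added example that is not part of any message in the thread: a simplified JavaScript check that resolves which directive governs each load (including the `default-src` fallback) and tests the source list against the URL. The `CANDIDATE` policy, the helper names and the reduced matching rules (scheme and host only) are assumptions made for illustration.

```javascript
// Added example: simplified CSP check (scheme and host only; ports and paths are ignored).
const FALLBACK = {                       // directive lookup order per resource type
  'frame-src': ['frame-src', 'child-src', 'default-src'],
  'style-src': ['style-src', 'default-src'],
};

function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function sourceMatches(source, url, self) {
  if (source === '*') return ['http:', 'https:'].includes(url.protocol);
  if (source === "'self'") return url.origin === self.origin;
  if (source.startsWith("'")) return false;   // 'unsafe-inline' etc. never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m.map((g) => g && g.toLowerCase());
  const schemeOk = scheme
    ? url.protocol === `${scheme}:` || (scheme === 'http' && url.protocol === 'https:')
    : url.protocol === self.protocol || url.protocol === 'https:';
  const hostOk = wildcard ? url.hostname.endsWith(`.${host}`) : url.hostname === host;
  return schemeOk && hostOk;
}

function evaluate(header, type, resource, page) {
  const policy = parsePolicy(header);
  const directive = FALLBACK[type].find((d) => policy.has(d)) || null;
  if (!directive) return { allowed: true, directive };  // nothing governs this load
  const url = new URL(resource), self = new URL(page);
  return { allowed: policy.get(directive).some((s) => sourceMatches(s, url, self)), directive };
}

const PAGE = 'http://www.tigem.it/';
// Policy as quoted from the response headers in the thread.
const REPORTED = "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";
// Constructed candidate (assumption): REPORTED plus the origins named in the console messages.
const CANDIDATE = "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com; " +
  "script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src https://www.youtube.com https://www.google.com";
const LOADS = [                          // loads taken from the quoted console output
  ['frame-src', 'https://www.youtube.com/'],
  ['frame-src', 'https://www.google.com/'],
  ['style-src', 'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900'],
];
const check = (header) => LOADS.map(([type, url]) => ({ url, ...evaluate(header, type, url, PAGE) }));
console.log(check(REPORTED), check(CANDIDATE));
```

Listing each third-party origin explicitly keeps `default-src 'self'` in force for everything else, which is the middle ground between the two options given in the thread.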