Ciao Giampiero,
il problema risiede o nelle direttive che hai nei meta dell'head
delle tue pagine Plone oppure di specifiche direttive al
webserver che metti davanti a Plone (Nginx, Apache, etc)
Controlla se hai nella source della tua pagina il meta
"Content-Security-Policy" oppure, se qui non c'è, se viene posto
nell'Header della response.
Puoi controllare anche questo tramite il tab Network della
console di debug del browser.
Se il sito è pubblico, manda link che vediamo.
Vito
2018-01-12 10:21 GMT+01:00 Giampiero Lago <l...@tigem.it
<mailto:l...@tigem.it>>:
Effettivamente aprendo la consolole con Chrome mi compare:
(con un portlet embed di video YouTube)
The Content Security Policy 'default-src 'self'; img-src *;
style-src 'self' 'unsafe-inline'; script-src 'self'
'unsafe-inline' 'unsafe-eval'' was delivered in report-only
mode, but does not specify a 'report-uri'; the policy will
have no effect. Please either add a 'report-uri' directive,
or deliver the policy via the 'Content-Security-Policy' header.
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
[Report Only] Refused to load the font 'https:' because it
violates the following Content Security Policy directive:
"default-src 'self'". Note that 'font-src' was not explicitly
set, so 'default-src' is used as a fallback.
(anonymous) @
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
v @
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(index):8 [Report Only] Refused to load the stylesheet
'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900
<http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900>'
because it violates the following Content Security Policy
directive: "style-src 'self' 'unsafe-inline'".
(index):8 Refused to load the stylesheet
'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900
<http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900>'
because it violates the following Content Security Policy
directive: "style-src 'self' 'unsafe-inline'".
(index):1205 Unrecognized feature: 'autoplay'.
(index):1205 [Report Only] Refused to frame
'https://www.youtube.com/' because it violates the following
Content Security Policy directive: "default-src 'self'". Note
that 'frame-src' was not explicitly set, so 'default-src' is
used as a fallback.
(index):1205 Refused to frame 'https://www.youtube.com/'
because it violates the following Content Security Policy
directive: "default-src 'self'". Note that 'frame-src' was
not explicitly set, so 'default-src' is used as a fallback.
(con una pagina con un embed di mappa Google Maps)
[Report Only] Refused to load the font 'https:' because it
violates the following Content Security Policy directive:
"default-src 'self'". Note that 'font-src' was not explicitly
set, so 'default-src' is used as a fallback.
(anonymous) @
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
v @
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
(anonymous) @
resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
location-2:8 [Report Only] Refused to load the stylesheet
'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900
<http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900>'
because it violates the following Content Security Policy
directive: "style-src 'self' 'unsafe-inline'".
location-2:8 Refused to load the stylesheet
'http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900
<http://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900>'
because it violates the following Content Security Policy
directive: "style-src 'self' 'unsafe-inline'".
location-2:252 [Report Only] Refused to frame
'https://www.google.com/' because it violates the following
Content Security Policy directive: "default-src 'self'". Note
that 'frame-src' was not explicitly set, so 'default-src' is
used as a fallback.
location-2:252 Refused to frame 'https://www.google.com/'
because it violates the following Content Security Policy
directive: "default-src 'self'". Note that 'frame-src' was
not explicitly set, so 'default-src' is used as a fallback.
ed è una cosa che mi è capitata anche con un altro sito PHP
che avevo (risolto scaricando i css e js in locale e
togliendo i riferimenti http:// nel tag <script> e <style>)
ma come faccio a risolverlo in Plone ????
Grazie Mille
On 11/01/2018 17:32, Vito Falco wrote:
Ciao,
guarda la console di debug... non è che hai un sito web che
ora serve in https e cerca di includere iframe serviti in http?
Vito
Il giorno 11 gennaio 2018 17:22, Giampiero Lago
<l...@tigem.it <mailto:l...@tigem.it>> ha scritto:
Salve ragazzi,
ho un problema sul mio sito plone 4; improvvisamente
tutti gli iframe (benché io abbia abilitato l'iframe con
tag html e benché fino ad ieri funzionasse tutto) sono
vuoti; quindi tutti i video Youtube con
collective.portlet.embed e tutte le mappe gmaps sono
sparite.
Se vado nella sorgente della pagina (con firebug per
esempio) c'è tutto ma è come se non fosse renderizzato.
Il tutto è successo all'improvviso dopo anni di
funzionamento...
Ho riavviato l'istanza e il buidolut ma niente...
la mia configurazione:
* Plone 4.3.2 (4307)
* CMF 2.2.7
* Zope 2.13.21
* Python 2.7.3 (default, Jan 2 2013, 13:56:14) [GCC 4.7.2]
* PIL 1.7.8 (Pillow)
Grazie Mille
Giampiero
--
Giampiero Lago
Web Area Manager - IT Core
TIGEM (Telethon Institute of Genetics and Medicine)
Via Campi Flegrei, 34
80078 - POZZUOLI (NA)
Direct Phone: +39 081 19230637
<tel:+39%20081%201923%200637>
Secretariat Phone: +39 081 19230600 <tel:+39%20081%201923%200600>
Fax: +39 081 19230651
<tel:+39%20081%201923%200651>
E-mail: l...@tigem.it <mailto:l...@tigem.it>
Website: http://www.tigem.it
_______________________________________________
Plone-IT mailing list
plone...@lists.plone.org <mailto:plone...@lists.plone.org>
https://lists.plone.org/mailman/listinfo/plone-plone-it
<https://lists.plone.org/mailman/listinfo/plone-plone-it>
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
<http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html>
--
*Vito Falco*
Developer & UI designer | Freelance
Bari, IT
Linkedin it.linkedin.com/in/vitofalco
<http://it.linkedin.com/in/vitofalco>
_______________________________________________
Plone-IT mailing list
plone...@lists.plone.org <mailto:plone...@lists.plone.org>
https://lists.plone.org/mailman/listinfo/plone-plone-it
<https://lists.plone.org/mailman/listinfo/plone-plone-it>
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
<http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html>
--
Giampiero Lago
Web Area Manager - IT Core
TIGEM (Telethon Institute of Genetics and Medicine)
Via Campi Flegrei, 34
80078 - POZZUOLI (NA)
Direct Phone: +39 081 19230637 <tel:+39%20081%201923%200637>
Secretariat Phone: +39 081 19230600 <tel:+39%20081%201923%200600>
Fax: +39 081 19230651 <tel:+39%20081%201923%200651>
E-mail: l...@tigem.it <mailto:l...@tigem.it>
Website: http://www.tigem.it
_______________________________________________
Plone-IT mailing list
plone...@lists.plone.org <mailto:plone...@lists.plone.org>
https://lists.plone.org/mailman/listinfo/plone-plone-it
<https://lists.plone.org/mailman/listinfo/plone-plone-it>
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
<http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html>
--
*Vito Falco*
Developer & UI designer | Freelance
Bari, IT
Linkedin it.linkedin.com/in/vitofalco
<http://it.linkedin.com/in/vitofalco>
_______________________________________________
Plone-IT mailing list
plone...@lists.plone.org <mailto:plone...@lists.plone.org>
https://lists.plone.org/mailman/listinfo/plone-plone-it
<https://lists.plone.org/mailman/listinfo/plone-plone-it>
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
<http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html>