Finally got this to work.
In http.conf I put:
AllowOverride All
Options +Indexes
Then created /path/to/roundcube/.htaccess and it has:
Header unset Content-Security-Policy
Header always set Content-Security-Policy "default-src 'unsafe-inline'
'unsafe-eval'; script-src 'self'
Good suggestion.
Unfortunately it still doesn’t work.
In http.conf I put:
But I would always get “.../roundcube/.htaccess: Header not allowed here”
So commented everything out of roundcube/.htaccess and in http.conf I put:
AllowOverride All
#Header unset
On Oct 9, 2019, at 11:46 PM, James Brown wrote:
> I think you could be right Thomas, as whatever I put into the .htaccess file
> doesn’t seem to make a difference.
Sounds like your .htaccess file is not being processed then.
What is the AllowOverride directive in your http.conf for the
I think you could be right Thomas, as whatever I put into the .htaccess file
doesn’t seem to make a difference.
Even tried putting:
Header unset Content-Security-Policy
In https.conf to no avail.
James.
> On 10 Oct 2019, at 6:06 am, roundcube--li...@thomas.freit.ag wrote:
>
> Hi
> On 10 Oct 2019, at 2:16 am, LuKreme wrote:
>
> On Oct 9, 2019, at 01:50, James Brown wrote:
>>
>> Any suggestions?
>
> What happens if there is no htaccess file?
>
Hi LuKreme.
That’s what I had originally. The CSP Header in http.conf prevents Roundcube
from working properly.
That’s
Hello,
Here's some options I've set in my apache configuration and for my
setup roundcube does show messages.
Hth
Dave.
Header always set X-Frame-Options SAMEORIGIN
# Prevent Cross Site Scripting (XSS)
Header set X-XSS-Protection "1; mode=block"
# Prevent Mime Types Security risks
Header
Hi James,
my guess is, that the header configured in your .htaccess file is not
overriding the one set in
http.conf. You can easily check this with Firefox or Chrome dev tools in the
network tab.
Unfortunately Apache httpd documentation (@
On Oct 9, 2019, at 01:50, James Brown wrote:
>
> Any suggestions?
What happens if there is no htaccess file?
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users
Still can’t get this to work.
I’m using the .htaccess file in my roundcube/ root.
Ie to override the CSP headers in http.conf (for all that Apache serves).
No matter what I put I still get no messages in the mailboxes.
Javascript Console shows:
Refused to execute a script because its hash,
Hello,
I am also interested in an answer to this question. For my setup I have:
# Content-Security-Policy
Header set Content-Security-Policy "default-src 'self';"
I have no idea if this is right or complete.
I'm also interested in the best settings for these headers:
# Prevent ClickJacking
#
Turning on 'Show Javascript Console' from Safari Develop menu showed me that my
Content Security Policy was preventing emails displaying in mailboxes.
Additionally at logout I get the message
"PHP Error: Request security check failed
REQUEST CHECK FAILED
For your protection, access to this
11 matches
Mail list logo