Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Unmanaged Wordpress - Content Security Policy Issues

Scheduled Pinned Locked Moved WordPress (Developer)
2 Posts 2 Posters 48 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J Offline
    J Offline
    jagan
    wrote on last edited by jagan
    #1

    Hi, I have a couple of unmanaged wordpress installations and all of them have issues with content security policy settings.

    I embed a number of resources on the website. E.g., I use Adobe PDF Embed API which works fine on other hosts.
    But on Cloudron, any PDF embedded using the API does not load completely. In particular, links within the PDF do not work.
    Ditto for videos hosted on Bunnynet and embedded on wordpress (works fine elsewhere, same site migrated to other hosts).

    E.g.: https://maher.ac.in/ilms

    In the Browser Inspector, I get a bunch of errors related to the content security policies - particularly in loading JS files from other domains.

    I tried adding custom content security policy in the security tab of the application. I tried using the CSP Generator (chrome plugin) to generate policies that I can add to the CSP in the security tab, but the page completely failed to load.
    I tried adding wordpress plugins such as the 'Cookies and Content Security Policy', added all the origin domains/subdomains of the various JS files that failed to load, but nothing seems to work.

    I have been trying to understand the root of the issue. I would would be most grateful for any help and assistance in resolving this issue, please.

    Thank you.

    girishG 1 Reply Last reply
    1
  • girishG girish moved this topic from Support on
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    replied to jagan on last edited by
    #2

    @jagan by default, Cloudron doesn't set any CSP or CORS headers for apps. The apps set the appropriate CSP for themselves. The CSP setting in Cloudron is only meant to used as an extreme measure (i.e no way to change an app's hardcoded CSP).

    With this mind, I would remove any custom CSP setting you have added in Cloudron dashboard. This is most likely the wrong approach.

    Next, I would investigate the CSP/CORS headers sent by WordPress. Per, https://community.adobe.com/t5/acrobat-services-api-discussions/pdf-embed-api-got-error/td-p/13142824 , you need something like Access-Control-Allow-Origin: * sent from WordPress.

    1 Reply Last reply
    1

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.