iGalerie

Vous n'êtes pas identifié(e).

Annonce

Un message d'erreur qui s'affiche ? Un mot de passe oublié ? L'ajout de fichier qui ne marche pas ?
Pensez d'abord à lire la FAQ, vous y trouverez probablement une solution à votre problème.

#1 28-03-2024 14:26:50

Peter Martin
Membre
Inscription : 26-03-2024
Messages : 4

Modals do not work on my v3.0.23 install

https://www.dissens.us/i/ <== v3.0.23 (does not work, no incidences reported)
https://www.woodcentral.com/gallery/ <== v3.0.22 (work OK)

Clicking any link that uses a modal (login, edit, slideshow, etc.) does not work. In another thread, you mentioned v3.0.23 uses Content Security Policies. Where are the CSP policies defined? I suspect the JavaScript is not loading.

Hors ligne

#2 28-03-2024 15:45:07

David
Développeur d'iGalerie
Inscription : 12-05-2006
Messages : 4 382
Site Web

Re : Modals do not work on my v3.0.23 install

Hi,

The problem is the "rocket-loader.min.js" file added at the end of each page.

Hors ligne

#3 30-03-2024 22:41:01

Peter Martin
Membre
Inscription : 26-03-2024
Messages : 4

Re : Modals do not work on my v3.0.23 install

Thanks David. It was from the Cloudflare CDN and solved by turning off its Rocket Loader feature.

Still having issues, apparently related to new CSP. Is this the right syntax to use in config.php?

define('CONF_HTTP_CSP_HOSTS', 'https://addtoany.com/ https://static.addtoany.com/ https://www.abol.us/ https://cdnjs.cloudflare.com/ https://www.cloudflare.com/ https://www.woodcentral.com/');

This relates to the fixed icons in the lower-right corner.

https://www.woodcentral.com/igalerie/

Added nonce to the scripts that are located in the page footer (see source code view). All now working except the green BACK icon and red CLOSE icon, and I cannot figure out why. My JavaScript skills are average at best, and I am just now learning how Content Security Policies work.

No incidents reported.

NU HTML checker
https://validator.w3.org/nu/?doc=https: … galerie%2F

Dernière modification par Peter Martin (31-03-2024 00:23:18)

Hors ligne

#4 31-03-2024 10:57:13

David
Développeur d'iGalerie
Inscription : 12-05-2006
Messages : 4 382
Site Web

Re : Modals do not work on my v3.0.23 install

Peter Martin a écrit :

Is this the right syntax to use in config.php?

define('CONF_HTTP_CSP_HOSTS', 'https://addtoany.com/ https://static.addtoany.com/ https://www.abol.us/ https://cdnjs.cloudflare.com/ https://www.cloudflare.com/ https://www.woodcentral.com/');

Yes. But you don't need to add your own site because iGalerie's CSP script-src directive already contains 'self'.

https://developer.mozilla.org/en-US/doc … urces#self


Peter Martin a écrit :

Added nonce to the scripts that are located in the page footer (see source code view). All now working but the green BACK icon and red CLOSE icon, and I cannot figure out why.

The JavaScript code for these buttons is blocked because the code is inline (onclick attribute). iGalerie's CSP script-src directive doesn't allow inline code because it doesn't include 'unsafe-inline' (to protect against XSS injections), with the exception of inline code with a nonce.

It's not possible to use a nonce here. So, you need to put the JavaScript code in an external file or in a <script> tag with a nonce. Example:

window.addEventListener('load', function()
{
   var back_button = document.querySelector('#back_button');
   if (back_button)
   {
      back_button.addEventListener('click', function()
      {
         history.go(-1);
      });
   }
});

To determine what is blocked on a page, press F12 to open the Web console. CSP directives are defined in includes/core/Security.class.php :

csp.png

Hors ligne

Pied de page des forums

Propulsé par FluxBB