Keyword

Header Content-Security-Policy

  • roland
  • roland's Avatar Topic Author
  • Offline
  • New Member
More
5 months 1 week ago #171516 by roland
roland created the topic: Header Content-Security-Policy
Hi,

My company cybersecutity team requests that the Header Content-Security-Policy be set for the web site. Even if I set this header in a quite permissive way, allvideos stops showing the mp4 video. Instead it shows a blank white screen area on the browser. The setting is:

Header set Content-Security-Policy "default-src 'self' 'unsafe-inline'"

I need this to work, what is your suggestion.

br
Roland

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Offline
  • Administrator
  • JoomlaWorks Support Team
More
5 months 1 week ago #171528 by Fotis
Fotis replied the topic: Header Content-Security-Policy
Is the MP4 file located on a remote server perhaps?

I also recommend you check your available options for that header in this blog post by fellow Jooml-ers itoctopus: www.itoctopus.com/how-content-security-policy-can-help-protect-your-joomla-website

If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.

  • roland
  • roland's Avatar Topic Author
  • Offline
  • New Member
More
4 months 4 weeks ago #171590 by roland
roland replied the topic: Header Content-Security-Policy
Hi,
I did not see your message. Strange because I thought I would receive a mail because I have checked the box to receive the reply. So sorry for my late answer.

The file is located on the same server. I have read the itoctopus and many other sites. Nothing works with allvideos. All the rest of my web site works very well and I use lots of components and modules.

I have installed a clean Joomla with no third party. Then just added the allvideos pluggin and just with it the header declaration will not let it work. My videos are always located on local server, mp4 files. Please, try to do it yourself and see. There is a need of a solution because this header is needed on web sites. Or maybe I am doing something wrong, I do not know.

best regards
Roland

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Offline
  • Administrator
  • JoomlaWorks Support Team
More
4 months 3 weeks ago #171598 by Fotis
Fotis replied the topic: Header Content-Security-Policy
My guess is that the JS video player probably freaks out with that header. A quick Google search reveals similar issues with various JS libraries/scripts.

I do plan on using native <video> tags in the coming update, so that should solve the issue.

If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.

  • roland
  • roland's Avatar Topic Author
  • Offline
  • New Member
More
4 months 3 weeks ago #171602 by roland
roland replied the topic: Header Content-Security-Policy
When is your coming update scheduled to be published ?

br
Roland

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Offline
  • Administrator
  • JoomlaWorks Support Team
More
4 months 3 weeks ago #171611 by Fotis
Fotis replied the topic: Header Content-Security-Policy
Within April for sure. If time permits to, it'll be Joomla 4 compatible too.

If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.


Powered by Kunena Forum