[Plone-IT] iframe vuoti improvvisamente

Vito Falco vitofalco a gmail.com
Ven 12 Gen 2018 09:43:32 UTC


Btw
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP


2018-01-12 10:42 GMT+01:00 Vito Falco <vitofalco a gmail.com>:

> Ciao Giampiero,
> il problema risiede o nelle direttive che hai nei meta dell'head delle tue
> pagine Plone oppure di specifiche direttive al webserver che metti davanti
> a Plone (Nginx, Apache, etc)
>
> Controlla se hai nella source della tua pagina il meta
> "Content-Security-Policy"  oppure, se qui non c'è, se viene posto
> nell'Header della response.
> Puoi controllare anche questo tramite il tab Network della console di
> debug del browser.
>
> Se il sito è pubblico, manda link che vediamo.
>
> Vito
>
> 2018-01-12 10:21 GMT+01:00 Giampiero Lago <lago a tigem.it>:
>
>> Effettivamente aprendo la consolole con Chrome mi compare:
>>
>> (con un portlet embed di video YouTube)
>>
>> The Content Security Policy 'default-src 'self'; img-src *; style-src
>> 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval''
>> was delivered in report-only mode, but does not specify a 'report-uri'; the
>> policy will have no effect. Please either add a 'report-uri' directive, or
>> deliver the policy via the 'Content-Security-Policy' header.
>> resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
>> [Report Only] Refused to load the font 'https:' because it violates the
>> following Content Security Policy directive: "default-src 'self'". Note
>> that 'font-src' was not explicitly set, so 'default-src' is used as a
>> fallback.
>>
>> (anonymous) @ resourceplone.app.jquery-cache
>> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
>> v @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3e
>> f7d491.js:392
>> (anonymous) @ resourceplone.app.jquery-cache
>> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
>> (anonymous) @ resourceplone.app.jquery-cache
>> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
>> (anonymous) @ resourceplone.app.jquery-cache
>> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
>> (index):8 [Report Only] Refused to load the stylesheet '
>> http://fonts.googleapis.com/css?family=Raleway:400,100,200,
>> 300,500,600,700,800,900' because it violates the following Content
>> Security Policy directive: "style-src 'self' 'unsafe-inline'".
>>
>> (index):8 Refused to load the stylesheet 'http://fonts.googleapis.com/c
>> ss?family=Raleway:400,100,200,300,500,600,700,800,900' because it
>> violates the following Content Security Policy directive: "style-src 'self'
>> 'unsafe-inline'".
>>
>> (index):1205 Unrecognized feature: 'autoplay'.
>> (index):1205 [Report Only] Refused to frame 'https://www.youtube.com/'
>> because it violates the following Content Security Policy directive:
>> "default-src 'self'". Note that 'frame-src' was not explicitly set, so
>> 'default-src' is used as a fallback.
>>
>> (index):1205 Refused to frame 'https://www.youtube.com/' because it
>> violates the following Content Security Policy directive: "default-src
>> 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is
>> used as a fallback.
>>
>> (con una pagina con un embed di mappa Google Maps)
>>
>> [Report Only] Refused to load the font 'https:' because it violates the
>> following Content Security Policy directive: "default-src 'self'". Note
>> that 'font-src' was not explicitly set, so 'default-src' is used as a
>> fallback.
>>
>> (anonymous) @ resourceplone.app.jquery-cache
>> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
>> v @ resourceplone.app.jquery-cachekey-b5f2581d6cf07ba7deab6d9d3e
>> f7d491.js:392
>> (anonymous) @ resourceplone.app.jquery-cache
>> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
>> (anonymous) @ resourceplone.app.jquery-cache
>> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
>> (anonymous) @ resourceplone.app.jquery-cache
>> key-b5f2581d6cf07ba7deab6d9d3ef7d491.js:392
>> location-2:8 [Report Only] Refused to load the stylesheet '
>> http://fonts.googleapis.com/css?family=Raleway:400,100,200,
>> 300,500,600,700,800,900' because it violates the following Content
>> Security Policy directive: "style-src 'self' 'unsafe-inline'".
>>
>> location-2:8 Refused to load the stylesheet '
>> http://fonts.googleapis.com/css?family=Raleway:400,100,200,
>> 300,500,600,700,800,900' because it violates the following Content
>> Security Policy directive: "style-src 'self' 'unsafe-inline'".
>>
>> location-2:252 [Report Only] Refused to frame 'https://www.google.com/'
>> because it violates the following Content Security Policy directive:
>> "default-src 'self'". Note that 'frame-src' was not explicitly set, so
>> 'default-src' is used as a fallback.
>>
>> location-2:252 Refused to frame 'https://www.google.com/' because it
>> violates the following Content Security Policy directive: "default-src
>> 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is
>> used as a fallback.
>>
>> ed è una cosa che mi è capitata anche con un altro sito PHP che avevo
>> (risolto scaricando i css e js in locale e togliendo i riferimenti
>> http:// nel tag <script> e <style>)
>>
>> ma come faccio a risolverlo in Plone ????
>>
>> Grazie Mille
>>
>>
>> On 11/01/2018 17:32, Vito Falco wrote:
>>
>> Ciao,
>> guarda la console di debug... non è che hai un sito web che ora serve in
>> https e cerca di includere iframe serviti in http?
>>
>> Vito
>>
>> Il giorno 11 gennaio 2018 17:22, Giampiero Lago <lago a tigem.it> ha
>> scritto:
>>
>>> Salve ragazzi,
>>>
>>> ho un problema sul mio sito plone 4; improvvisamente tutti gli iframe
>>> (benché io abbia abilitato l'iframe con tag html e benché fino ad ieri
>>> funzionasse tutto) sono vuoti; quindi tutti i video Youtube con
>>> collective.portlet.embed e tutte le mappe gmaps sono sparite.
>>> Se vado nella sorgente della pagina (con firebug per esempio) c'è tutto
>>> ma è come se non fosse renderizzato.
>>> Il tutto è successo all'improvviso dopo anni di funzionamento...
>>> Ho riavviato l'istanza e il buidolut ma niente...
>>>
>>> la mia configurazione:
>>>
>>>
>>>    - Plone 4.3.2 (4307)
>>>
>>>
>>>    - CMF 2.2.7
>>>
>>>
>>>    - Zope 2.13.21
>>>
>>>
>>>    - Python 2.7.3 (default, Jan 2 2013, 13:56:14) [GCC 4.7.2]
>>>
>>>
>>>    - PIL 1.7.8 (Pillow)
>>>
>>> Grazie Mille
>>>
>>> Giampiero
>>>
>>> --
>>> Giampiero Lago
>>> Web Area Manager - IT Core
>>> TIGEM (Telethon Institute of Genetics and Medicine)
>>> Via Campi Flegrei, 34
>>> 80078 - POZZUOLI (NA)
>>>
>>> Direct Phone:		+39 081 19230637 <+39%20081%201923%200637>
>>> Secretariat Phone:	+39 081 19230600 <+39%20081%201923%200600>
>>> Fax:			+39 081 19230651 <+39%20081%201923%200651>
>>> E-mail:			lago a tigem.it
>>> Website:		http://www.tigem.it
>>>
>>>
>>> _______________________________________________
>>> Plone-IT mailing list
>>> Plone-IT a lists.plone.org
>>> https://lists.plone.org/mailman/listinfo/plone-plone-it
>>> http://plone-regional-forums.221720.n2.nabble.com/Plone-Ital
>>> y-f221721.html
>>>
>>>
>>
>>
>> --
>> *Vito Falco*
>> Developer & UI designer | Freelance
>> Bari, IT
>> Linkedin it.linkedin.com/in/vitofalco
>>
>>
>> _______________________________________________
>> Plone-IT mailing listPlone-IT a lists.plone.orghttps://lists.plone.org/mailman/listinfo/plone-plone-ithttp://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
>>
>>
>>
>> --
>> Giampiero Lago
>> Web Area Manager - IT Core
>> TIGEM (Telethon Institute of Genetics and Medicine)
>> Via Campi Flegrei, 34
>> 80078 - POZZUOLI (NA)
>>
>> Direct Phone:		+39 081 19230637 <+39%20081%201923%200637>
>> Secretariat Phone:	+39 081 19230600 <+39%20081%201923%200600>
>> Fax:			+39 081 19230651 <+39%20081%201923%200651>
>> E-mail:			lago a tigem.it
>> Website:		http://www.tigem.it
>>
>>
>> _______________________________________________
>> Plone-IT mailing list
>> Plone-IT a lists.plone.org
>> https://lists.plone.org/mailman/listinfo/plone-plone-it
>> http://plone-regional-forums.221720.n2.nabble.com/Plone-Ital
>> y-f221721.html
>>
>>
>
>
> --
> *Vito Falco*
> Developer & UI designer | Freelance
> Bari, IT
> Linkedin it.linkedin.com/in/vitofalco
>



-- 
*Vito Falco*
Developer & UI designer | Freelance
Bari, IT
Linkedin it.linkedin.com/in/vitofalco
-------------- parte successiva --------------
Un allegato HTML è stato rimosso...
URL: <http://lists.plone.org/pipermail/plone-plone-it/attachments/20180112/a1d82b94/attachment-0001.html>


Maggiori informazioni sulla lista Plone-IT