Issues After Enabling Content-Security-Policy HTTP Header Value

Discussion regarding Joomla! 5.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 191
Joined: Fri Dec 18, 2015 6:40 pm

Issues After Enabling Content-Security-Policy HTTP Header Value

Post by aboarken » Fri Feb 16, 2024 2:16 pm

Hello Joomlers,

Please I need your support as my template java scripts and other external scripts like the online chat and google reCAPTCHA are blocked after I have configured httpheader plugin:

*Content-Security-Policy >>> Value: script-src 'self'

Please how to fix this issue? Thanks in in advance.

Regards, Ahmad Moussa
You do not have the required permissions to view the files attached to this post.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44133
Joined: Sat Apr 05, 2008 9:58 pm

Re: Issues After Enabling Content-Security-Policy HTTP Header Value

Post by Webdongle » Fri Feb 16, 2024 3:27 pm

If you can't open administrator you can edit the plugin in the database.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 191
Joined: Fri Dec 18, 2015 6:40 pm

Re: Issues After Enabling Content-Security-Policy HTTP Header Value

Post by aboarken » Fri Feb 16, 2024 8:10 pm

Hello Webdongle, thank you for your reply. I can access the administrator backend...my issue is that Google ReCAPTCHA is blocked with other google and extra scripts added to my site template due to the HTTPHeader configuration. Can you help please? If I remove the force Content-Security-Policy, everything will work without any issues.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44133
Joined: Sat Apr 05, 2008 9:58 pm

Re: Issues After Enabling Content-Security-Policy HTTP Header Value

Post by Webdongle » Fri Feb 16, 2024 10:24 pm

Not 100% sure but doesn't Content-Security-Policy >>> Value: script-src 'self' prevent scripts from outside sources running?
In any case.
IF you don't know how to configure it
THEN EITHER
you could break your site
OR
you could inadvertently make your site less secure
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 191
Joined: Fri Dec 18, 2015 6:40 pm

Re: Issues After Enabling Content-Security-Policy HTTP Header Value

Post by aboarken » Sat Feb 17, 2024 8:55 am

Thank you. In this case, how I can do an exception for those scripts from outside like Google and Chatbots? Can you help please?


Post Reply

Return to “Security in Joomla! 5.x”