Content security policy

mki-miro · 2017-09-19 07:08:39

Hi

I am getting this error in console window:
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src

I think the problem is here:
onclick="return lh_inst.lhc_need_help_click();"

Here i some description:
https://stackoverflow.com/questions/310 … he-followi

Do you plan to fix this issue?
I dont want to disable CSP.

Thank you

PeopleInside · 2017-09-19 07:35:00

Hi mki-miro,
seems your website give error 500 this let me think you have some issue on your server and configuration.
What Content Security Policy are you using? Because I have a CSP and do not see any issue with live helper chat.

Have a nice day smile

mki-miro · 2017-09-19 07:39:11

which website? you can see error on puzzlemania.sk

CSP config:
csp:
default-src:
- self
- unsafe-inline
script-src: [
nonce
self, unsafe-inline, connect.facebook.net, www.google-analytics.com, rec.smartlook.com, www.chat.mki.sk, embed.tawk.to, cdn.jsdelivr.net, va.tawk.to, www.googletagmanager.com, ssl.heureka.sk
]
frame-ancestors:
- self
- www.google.com
- www.youtube.com
form-action:
- self
- va.tawk.to
child-src:
- self
- www.facebook.com
- web.facebook.com
- staticxx.facebook.com
- www.google.com
- www.youtube.com
- *.tawk.to
- ssl.heureka.sk
style-src:
- self
- unsafe-inline
- fonts.googleapis.com
- cdn.jsdelivr.net
font-src:
- self
- fonts.gstatic.com
- static-v.tawk.to
img-src:
- self
- www.facebook.com
- web.facebook.com
- www.google-analytics.com
- www.chat.mki.sk
- static-v.tawk.to
- cdn.jsdelivr.net
- im9.cz
connect-src:
- self
- *.smartlook.com
- *.tawk.to
- wss://*.tawk.to

PeopleInside · 2017-09-19 07:43:29

Hi mki-miro,
your email domain is not working from the web.

I do not know if this CSP is correct, maybe if not can cause issue.
What version of Live helper chat are you using? What is your PHP?

I think can be an issue from your side but if you belive there are issue on Live helper chat please open your request of support on the GitHub page so will be review by the chat owner.
Please, if you open a GitHub topic paste the link here so interested visitor can follow the discussion and the progress.

Thank you
GitHub link is on my forum signature.

mki-miro · 2017-09-19 07:46:02

Did you read this?
https://stackoverflow.com/questions/310 … he-followi

You should not use onlick
onclick="return lh_inst.lhc_need_help_click();"

i think this has to be rewritten

PeopleInside · 2017-09-19 07:49:23

Your GitHub topic https://github.com/LiveHelperChat/liveh … ssues/1106

mki-miro · 2017-09-19 09:54:09

btw can you write url where it works with CSP enabled? thanks

PeopleInside · 2017-09-19 10:04:12

Is my personal website and I have only a simply rule for upgrade all insecure connections.

mki-miro · 2017-09-19 10:18:12

here is it desribed in google chrome developer tutorial:
https://developer.chrome.com/extensions … ne_scripts

PeopleInside · 2017-09-19 10:22:13

Topic closed. For any support regarding this consider your GitHub topic. Thank you!

PeopleInside · 2017-09-21 13:28:01

Hi,
I AM glad to inform you that your GitHub report has made a fix.

Git Hub Topic:
https://github.com/LiveHelperChat/liveh … 1259378454
FIX

Thank you!
For any issue regarding this you can continue the discussion on GitHub.
Have a great day and time!

Thanks again for your report.

Announcement

#1 2017-09-19 07:08:39

Content security policy

#2 2017-09-19 07:35:00

Re: Content security policy

#3 2017-09-19 07:39:11

Re: Content security policy

#4 2017-09-19 07:43:29

Re: Content security policy

#5 2017-09-19 07:46:02

Re: Content security policy

#6 2017-09-19 07:49:23

Re: Content security policy

#7 2017-09-19 09:54:09

Re: Content security policy

#8 2017-09-19 10:04:12

Re: Content security policy

#9 2017-09-19 10:18:12

Re: Content security policy

#10 2017-09-19 10:22:13

Re: Content security policy

#11 2017-09-21 13:28:01

Re: Content security policy

Board footer