- Posts: 15
COMMUNITY FORUM
Header Content-Security-Policy
- roland
-
Topic Author
- Offline
- New Member
Less
More
6 years 1 month ago #171516
by roland
Header Content-Security-Policy was created by roland
Hi,
My company cybersecutity team requests that the Header Content-Security-Policy be set for the web site. Even if I set this header in a quite permissive way, allvideos stops showing the mp4 video. Instead it shows a blank white screen area on the browser. The setting is:
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline'"
I need this to work, what is your suggestion.
br
Roland
My company cybersecutity team requests that the Header Content-Security-Policy be set for the web site. Even if I set this header in a quite permissive way, allvideos stops showing the mp4 video. Instead it shows a blank white screen area on the browser. The setting is:
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline'"
I need this to work, what is your suggestion.
br
Roland
Please Log in or Create an account to join the conversation.
- JoomlaWorks
-
- Offline
- Admin
Less
More
- Posts: 6227
6 years 1 month ago #171528
by JoomlaWorks
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Replied by JoomlaWorks on topic Header Content-Security-Policy
Is the MP4 file located on a remote server perhaps?
I also recommend you check your available options for that header in this blog post by fellow Jooml-ers itoctopus: www.itoctopus.com/how-content-security-policy-can-help-protect-your-joomla-website
I also recommend you check your available options for that header in this blog post by fellow Jooml-ers itoctopus: www.itoctopus.com/how-content-security-policy-can-help-protect-your-joomla-website
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Please Log in or Create an account to join the conversation.
- roland
-
- Offline
- New Member
Less
More
- Posts: 15
6 years 3 weeks ago #171590
by roland
Replied by roland on topic Header Content-Security-Policy
Hi,
I did not see your message. Strange because I thought I would receive a mail because I have checked the box to receive the reply. So sorry for my late answer.
The file is located on the same server. I have read the itoctopus and many other sites. Nothing works with allvideos. All the rest of my web site works very well and I use lots of components and modules.
I have installed a clean Joomla with no third party. Then just added the allvideos pluggin and just with it the header declaration will not let it work. My videos are always located on local server, mp4 files. Please, try to do it yourself and see. There is a need of a solution because this header is needed on web sites. Or maybe I am doing something wrong, I do not know.
best regards
Roland
I did not see your message. Strange because I thought I would receive a mail because I have checked the box to receive the reply. So sorry for my late answer.
The file is located on the same server. I have read the itoctopus and many other sites. Nothing works with allvideos. All the rest of my web site works very well and I use lots of components and modules.
I have installed a clean Joomla with no third party. Then just added the allvideos pluggin and just with it the header declaration will not let it work. My videos are always located on local server, mp4 files. Please, try to do it yourself and see. There is a need of a solution because this header is needed on web sites. Or maybe I am doing something wrong, I do not know.
best regards
Roland
Please Log in or Create an account to join the conversation.
- JoomlaWorks
-
- Offline
- Admin
Less
More
- Posts: 6227
6 years 3 weeks ago #171598
by JoomlaWorks
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Replied by JoomlaWorks on topic Header Content-Security-Policy
My guess is that the JS video player probably freaks out with that header. A quick Google search reveals similar issues with various JS libraries/scripts.
I do plan on using native <video> tags in the coming update, so that should solve the issue.
I do plan on using native <video> tags in the coming update, so that should solve the issue.
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Please Log in or Create an account to join the conversation.
- roland
-
- Offline
- New Member
Less
More
- Posts: 15
6 years 3 weeks ago #171602
by roland
Replied by roland on topic Header Content-Security-Policy
When is your coming update scheduled to be published ?
br
Roland
br
Roland
Please Log in or Create an account to join the conversation.
- JoomlaWorks
-
- Offline
- Admin
Less
More
- Posts: 6227
6 years 3 weeks ago #171611
by JoomlaWorks
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Replied by JoomlaWorks on topic Header Content-Security-Policy
Within April for sure. If time permits to, it'll be Joomla 4 compatible too.
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Please Log in or Create an account to join the conversation.