Jump to content

Content Security Policy errors in fresh install


Recommended Posts

Version: 69.1.4
OS: Ubuntu 18.04

Install method: Installing in Linux (vodia.com) using the Debian commands (with sudo ./install-debian.sh)

The only steps taken to configure Vodia so far is to set the Administrator password and apply the licence.

The custom fonts for menu items are failing to load, showing ▯ instead.


Opening DevTools shows the following errors:


I note there was a similar topic posted a few months ago for 69.0.8, however a permanent solution wasn't listed.

Link to comment
Share on other sites

Fixed by adding data: to the Content-Security-Policy header for default-src in reg_head_css.html and welcome.html in Webpages (Administrator).


[[#header name="Content-Security-Policy" content="default-src 'self' data: ; style-src 'unsafe-inline' 'self'; frame-ancestors none"]]


[[#header name="Content-Security-Policy" content="default-src 'self' data: https://accounts.google.com 'unsafe-inline'; child-src 'none'; frame-src https://accounts.google.com; frame-ancestors none"]]


Link to comment
Share on other sites


Two things that are very interesting in this context (this behaviour is not normal). Firstly, you have the "OS: Ubuntu 18.04" operating system and Debian "sudo ./install-debian.sh" installed? I would also be interested to know where you have installed (I see this in context with a firewall).


Link to comment
Share on other sites

Forgive me if I'm wrong, but I believe Ubuntu is a Debian-based linux distribution, so a Debian-based install script would work on Ubuntu, yes?

It's installed in /usr/local/pbx, as defined in the install script from Installing in Linux (vodia.com)

The firewall has been configured per Used Ports (vodia.com), but I fail to see how this would result in the content security policy blocking fonts being loaded by data:.

Link to comment
Share on other sites

The firewall (hopefully) does not even have the chance to see the content. Nor does the OS make any difference. 

Not sure why my browser does not complain, but that might be something installation specific. I don't see a problem adding the data:, we'll patch the 69.2 with that (just the .dat file). We already used it in the dom_logo.htm where we need it to render the images.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...