Page 1 of 1

website security and Pano2vr's html template

Posted: Sun Sep 02, 2018 1:57 am
by Carel
Has anyone here implemented a "Content Security Policy" - https://en.wikipedia.org/wiki/Content_Security_Policy on their panorama website? CSP does not like inline javascript or inline style (both are present in the Pano2vr html template) and I am curious how people have dealt with this.

Re: website security and Pano2vr's html template

Posted: Mon Sep 10, 2018 8:21 pm
by Hopki
Hi Carol,
Sorry I have not played with this, don't know if anyone else has.
Regards,
Hopki

Re: website security and Pano2vr's html template

Posted: Tue Sep 11, 2018 5:04 pm
by 360Texas
Similar maybe off topic:
Our website host made it easy to convert our http// site to a https// safe site.

When I converted I lost the ability to use a script that calls an external Easy_Rotator .js file from another site. Its an image slider/fader function. Rather than slide it fades to replace the previous image. Its also a responsive design.

Code: Select all

<script type="text/javascript" src="http://c520866.r66.cf2.rackcdn.com/1/js/easy_rotator.min.js"></script>
So I changed it back to a NOT safe site until I can find a replacement code set that is internal to the site and not dependent on downloading from external site.

Just a thought

Re: website security and Pano2vr's html template

Posted: Tue Sep 11, 2018 7:41 pm
by Carel
If the webhost's http>https conversion does not allow offsite scripts, why don't you put the easy rotator script file on your own server? It is probably a good idea to not allow off-site scripts anyhow.

Re: website security and Pano2vr's html template

Posted: Tue Sep 11, 2018 8:37 pm
by 360Texas
True. Then I would re-write the script line to point the easy_rotator.min.js file in my /js file on my iPower.com Host server. Then I could change http: > https:

This would resolve my Website Security issue. Which is the only one I have at the moment.

I am not sure... inline javascript or inline style (both are present in the Pano2vr html template) is calling external files