website security and Pano2vr's html template

Q&A about the latest versions
Post Reply
Carel
Posts: 176
Joined: Tue Sep 12, 2006 5:59 am
Location: Pasadena, CA USA
Contact:

website security and Pano2vr's html template

Post by Carel » Sun Sep 02, 2018 1:57 am

Has anyone here implemented a "Content Security Policy" - https://en.wikipedia.org/wiki/Content_Security_Policy on their panorama website? CSP does not like inline javascript or inline style (both are present in the Pano2vr html template) and I am curious how people have dealt with this.

User avatar
Hopki
Gnome
Posts: 8454
Joined: Thu Jan 10, 2008 3:16 pm
Location: Layer de la Haye, Essex UK
Contact:

Re: website security and Pano2vr's html template

Post by Hopki » Mon Sep 10, 2018 8:21 pm

Hi Carol,
Sorry I have not played with this, don't know if anyone else has.
Regards,
Hopki

User avatar
360Texas
Moderator
Posts: 3253
Joined: Sat Sep 09, 2006 6:06 pm
Location: Fort Worth, Texas USA
Contact:

Re: website security and Pano2vr's html template

Post by 360Texas » Tue Sep 11, 2018 5:04 pm

Similar maybe off topic:
Our website host made it easy to convert our http// site to a https// safe site.

When I converted I lost the ability to use a script that calls an external Easy_Rotator .js file from another site. Its an image slider/fader function. Rather than slide it fades to replace the previous image. Its also a responsive design.

Code: Select all

<script type="text/javascript" src="http://c520866.r66.cf2.rackcdn.com/1/js/easy_rotator.min.js"></script>
So I changed it back to a NOT safe site until I can find a replacement code set that is internal to the site and not dependent on downloading from external site.

Just a thought
Dave
Pano2VR Forum Global Moderator
Image
Visit 360texas.com

Carel
Posts: 176
Joined: Tue Sep 12, 2006 5:59 am
Location: Pasadena, CA USA
Contact:

Re: website security and Pano2vr's html template

Post by Carel » Tue Sep 11, 2018 7:41 pm

If the webhost's http>https conversion does not allow offsite scripts, why don't you put the easy rotator script file on your own server? It is probably a good idea to not allow off-site scripts anyhow.

User avatar
360Texas
Moderator
Posts: 3253
Joined: Sat Sep 09, 2006 6:06 pm
Location: Fort Worth, Texas USA
Contact:

Re: website security and Pano2vr's html template

Post by 360Texas » Tue Sep 11, 2018 8:37 pm

True. Then I would re-write the script line to point the easy_rotator.min.js file in my /js file on my iPower.com Host server. Then I could change http: > https:

This would resolve my Website Security issue. Which is the only one I have at the moment.

I am not sure... inline javascript or inline style (both are present in the Pano2vr html template) is calling external files
Dave
Pano2VR Forum Global Moderator
Image
Visit 360texas.com

Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 13 guests