website security and Pano2vr's html template

Q&A about the latest versions
Post Reply
Carel
Posts: 176
Joined: Tue Sep 12, 2006 5:59 am
Location: Pasadena, CA USA
Contact:

Sun Sep 02, 2018 1:57 am

Has anyone here implemented a "Content Security Policy" - https://en.wikipedia.org/wiki/Content_Security_Policy on their panorama website? CSP does not like inline javascript or inline style (both are present in the Pano2vr html template) and I am curious how people have dealt with this.
User avatar
Hopki
Gnome
Posts: 10176
Joined: Thu Jan 10, 2008 3:16 pm
Location: Layer de la Haye, Essex UK
Contact:

Mon Sep 10, 2018 8:21 pm

Hi Carol,
Sorry I have not played with this, don't know if anyone else has.
Regards,
Hopki
Hopki
Garden Gnome Software Support
If you send an e-mail to support please send a link to the forum post for reference.
support@ggnome.com
https://ggnome.com/wiki/documentation/
User avatar
360Texas
Moderator
Posts: 3393
Joined: Sat Sep 09, 2006 6:06 pm
Location: Fort Worth, Texas USA
Contact:

Tue Sep 11, 2018 5:04 pm

Similar maybe off topic:
Our website host made it easy to convert our http// site to a https// safe site.

When I converted I lost the ability to use a script that calls an external Easy_Rotator .js file from another site. Its an image slider/fader function. Rather than slide it fades to replace the previous image. Its also a responsive design.

Code: Select all

<script type="text/javascript" src="http://c520866.r66.cf2.rackcdn.com/1/js/easy_rotator.min.js"></script>
So I changed it back to a NOT safe site until I can find a replacement code set that is internal to the site and not dependent on downloading from external site.

Just a thought
Dave
Pano2VR Forum Global Moderator
Image
Visit 360texas.com
Carel
Posts: 176
Joined: Tue Sep 12, 2006 5:59 am
Location: Pasadena, CA USA
Contact:

Tue Sep 11, 2018 7:41 pm

If the webhost's http>https conversion does not allow offsite scripts, why don't you put the easy rotator script file on your own server? It is probably a good idea to not allow off-site scripts anyhow.
User avatar
360Texas
Moderator
Posts: 3393
Joined: Sat Sep 09, 2006 6:06 pm
Location: Fort Worth, Texas USA
Contact:

Tue Sep 11, 2018 8:37 pm

True. Then I would re-write the script line to point the easy_rotator.min.js file in my /js file on my iPower.com Host server. Then I could change http: > https:

This would resolve my Website Security issue. Which is the only one I have at the moment.

I am not sure... inline javascript or inline style (both are present in the Pano2vr html template) is calling external files
Dave
Pano2VR Forum Global Moderator
Image
Visit 360texas.com
Post Reply