CPS extension

3 weeks 5 days ago #2832 by trogladyte
trogladyte created the topic: CPS extension
Morning Michael

THANK YOU for this great extension! I'm no programmer, though I can cut and paste with the best of them!!! I only discovered CPS and all its attendant extras within the last week (I'm ashamed to say), and have been reading and reading, trying to get a handle on stuff. And then trying to implement my own CPS on various sites without luck (usually breaking them! LOL!!).

I thought if I set up a CPS, it would fix an issue I have with just one particular site - www.adventaz.org/lay-ministry-reading (actually just this one page). It has a ministry scheduler iframed into the page (see the big, white expanse at the bottom!). An Inspect | Console shows this error:

Refused to display ' secure.rotundasoftware.com/l/web-termina...liveWebPostId=453279 ' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors player.vimeo.com ".

This is what got me started. So I added your plugin, scored an A (only Feature Policy is outstanding as I have no clue what to do with that!) securityheaders.com/?q=https%3A%2F%2Fwww...g&followRedirects=on , yet this error (and failed iframe) persists. I hate frames, but the company that provides this scheduler offers no way to get it into a website other than framing and the client is invested in it.

So, finally, my question. Is this something that the CSP on my client's site can fix, or is it something that Rotunda Software has implemented which is stopping framing? If the former, what do I need to implement in the plugin to fix it? Thanks again. JED review coming! :P
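
How a browser evaluates the `frame-ancestors` directive quoted in the console error above, as an added example that is not part of the original post or of the extension's code: the policy consulted is the one delivered with the framed response, and every ancestor page must match it. The function names, the https scheme, the "/" path and the extended policy in the last line are assumptions made for illustration.

```javascript
// Added example: simplified frame-ancestors matching (a subset of CSP Level 3).
// Handles 'none', 'self', *, scheme-sources and host-sources without port or path.

// Return the frame-ancestors source list, or null when the directive is absent.
function frameAncestors(cspHeader) {
  for (const directive of cspHeader.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// An http source also matches an https URL (CSP's scheme upgrade rule).
const schemeOk = (want, got) => got === want || (want === 'http:' && got === 'https:');

// Does one source expression allow this ancestor URL? `framed` supplies 'self'
// and the scheme used for host-sources written without one.
function sourceMatches(source, ancestor, framed) {
  const s = source.toLowerCase();
  if (s === "'self'") return ancestor.origin === framed.origin;
  if (s === '*') return /^https?:$/.test(ancestor.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s, ancestor.protocol);
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/);
  if (!m) return false; // includes 'none' and anything this subset does not parse
  const [, scheme, wildcard, host] = m;
  const want = scheme ? scheme + ':' : framed.protocol;
  const hostOk = wildcard ? ancestor.hostname.endsWith('.' + host)
                          : ancestor.hostname === host;
  return schemeOk(want, ancestor.protocol) && hostOk && ancestor.port === '';
}

// Every ancestor of the frame is checked against the policy delivered with
// the FRAMED response. The embedding page's own CSP is not an input here.
function mayBeFramed(framedUrl, framedCsp, ancestorUrls) {
  const sources = frameAncestors(framedCsp);
  if (sources === null) return true; // CSP places no restriction on framing
  const framed = new URL(framedUrl);
  return ancestorUrls.every(a =>
    sources.some(s => sourceMatches(s, new URL(a), framed)));
}

// Host and policy come from the console error; scheme and "/" path are assumed.
const FRAMED = 'https://secure.rotundasoftware.com/';
const POLICY = 'frame-ancestors player.vimeo.com';
const EMBEDDER = 'https://www.adventaz.org/lay-ministry-reading';

console.log(mayBeFramed(FRAMED, POLICY, [EMBEDDER])); // false
console.log(mayBeFramed(FRAMED, POLICY + ' https://www.adventaz.org', [EMBEDDER])); // true
```

`mayBeFramed` takes no argument for the embedding page's headers, which mirrors the browser's behaviour: only a change to the policy sent with the framed document alters the result.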

3 weeks 1 day ago - 3 weeks 1 day ago #2833 by michael
michael replied the topic: CPS extension
Feature Policy is relatively new, but my extension supports it. Look in the configuration for the "Feature Policy" tab. You'll need to select which feature is to be enabled. You can enable as many as you wish; there are 13 features total.

Scanning richeyweb.com on securityheaders.io you'll see that my site passes the Feature Policy test.
Last Edit: 3 weeks 1 day ago by michael.
