content_security_policy block access

General discussion about Plugins for Cacti

Moderators: Developers, Moderators

Post Reply
Rno
Cacti Pro User
Posts: 704
Joined: Wed Dec 07, 2011 9:19 am

content_security_policy block access

Post by Rno »

I have a plugin who access Goolmap or openstreetmap, and now it's blocked by content security.

Can you help me to know how/where I can add a directive like that:
"content_security_policy": "script-src 'self' https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'"

Since with all included yode of cacti I can't find where to do that.

thanks for your help
Test
Almalinux
php 8.2.14
mariadb 10.6.16
Cacti 1.2.27
Spine 1.2.27
RRD 1.7.2
thold 1.8
monitor 2.5
syslog 3.2
flowview: 3.3
weathermap 1.0 Beta
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: content_security_policy block access

Post by netniV »

It's a header that is exported I believe using the header() functionality of php.
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
User avatar
Osiris
Cacti Guru User
Posts: 1424
Joined: Mon Jan 05, 2015 10:10 am

Re: content_security_policy block access

Post by Osiris »

I think you should log this on GitHub.com in the cacti issue list.
Before history, there was a paradise, now dust.
Rno
Cacti Pro User
Posts: 704
Joined: Wed Dec 07, 2011 9:19 am

Re: content_security_policy block access

Post by Rno »

The solution was to add the following few line to the httpd configuration of the cacti virtual server:
<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src * 'self' style-src 'unsafe-inline' img-src 'self' data:"
</IfModule>


That solve the issue, so not sure it's a cacti thing!
Test
Almalinux
php 8.2.14
mariadb 10.6.16
Cacti 1.2.27
Spine 1.2.27
RRD 1.7.2
thold 1.8
monitor 2.5
syslog 3.2
flowview: 3.3
weathermap 1.0 Beta
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: content_security_policy block access

Post by TheWitness »

The current content security policy will not allow that. However, you can open a bug request on the Cacti web site to allow the Admin to add a list of allowed offsite domains that can access content. This was done for security reasons.
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: content_security_policy block access

Post by TheWitness »

True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest