Richard Hainsworth Member

@finanalyst · Joined 9 years ago · 96 posts · 30 topics · 9 reputation

Badges

✏️ First Post 💬 Conversation Starter

Recent posts

  • Content security policy · 6 years ago

    Re (a) I was implying a generic solution would be going too far. Re (b) Yes I did mean the Reports tab under Tools. In fact it seems to me that to keep GRAV at the bleeding edge, providing information

  • Content security policy · 6 years ago

    a) This seems to be a solution for Apache, but what about NGINX et al. b) The Admin plugin has a REPORT section. It handles YAML linting. What about Security warnings?

  • Content security policy · 6 years ago

    The problem is identifying where all the inline JS exists, and then dealing with it. The template I chose seems to have a number of places with inline JS. I do not know a quick / systematic way of trac

  • Content security policy · 6 years ago

    @iamerwin Unfortunately not. I placed a header in the Apache file, but the site broke. So I had to comment it out. There are multiple problems because of the use of inline javascript, which is now con

  • Content security policy · 6 years ago

    Thanks for the feedback. Actually, I have had to revert the content policy header. As you say, lots of little things stopped working. I have not worked out all the wrinkles. For example, various plug

  • Grav & security vulnerability in jquery? · 6 years ago

    So after working at the security problem for a while, I discovered that the biggest issues flagged by automatic site testing are due to HTTP headers. I have documented my solutions in another post. O

  • Content security policy · 6 years ago

    So I looked into this further. It seems the best place to handle HTTP headers is in the server configuration. I use Apache 2.4, but searching online yields similar for NGINX etc. Strict Transport

  • Grav & security vulnerability in jquery? · 6 years ago

    @unleashed Thanks for the effort. Yes I was also able to change the jquery version in Admin with photographer. And with no other change, everything worked. (Eventually :) ).. BUT photographer itself l

  • Grav & security vulnerability in jquery? · 6 years ago

    I have restored the site's operation by allowing Jquery 1. to be loaded. The Jquery version is embedded in the Photographer skeleton. I do not know how to upgrade all the plugins to get to the latest vers

  • Content security policy · 6 years ago

    I put my new site through an online security check. Several problems were found. No content security policy. I found a post in this Forum dated 2015 about this. But nothing more recent. Is this somet