Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Content-Security-Policy Issue

  • davidg1982
  • davidg1982's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
5 years 8 months ago #172673 by davidg1982
Content-Security-Policy Issue was created by davidg1982
I am trying to implement an iframe for respondents to Speed Test their Internet connection into my survey for a broadband survey, however I am getting this error. I don't know how to edit the Content-Security-Policy because I do not know where it is located.
Code:
Content Security Policy: The report URI (about:blank) should be an HTTP or HTTPS URI.
Content Security Policy: The page’s settings observed the loading of a resource at https://openspeedtest.com/service-worker.js (“worker-src”). A CSP report is being sent.

Can you help me resolve this?

Thanks!
The topic has been locked.
More
5 years 8 months ago #172675 by jelo
Replied by jelo on topic Content-Security-Policy Issue
What version of LimeSurvey is used?

There are a few ways how that blocking can be caused.

First check. Settings -> Security -> IFrame
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Attachments:
The topic has been locked.
  • davidg1982
  • davidg1982's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
5 years 8 months ago #172676 by davidg1982
Replied by davidg1982 on topic Content-Security-Policy Issue
LimeSurvey Version 3.13.2+180709

Here are my Security settings in Global Settings.
[img


I've tired two different browsers.
I am running Firefox 61.0.1 (64-bit) (with a bunch of extentions) and Chrome Version 68.0.3440.106 (Official Build) (64-bit) with almost no extensions. Both give the same error.
The topic has been locked.
More
5 years 8 months ago #172678 by jelo
Replied by jelo on topic Content-Security-Policy Issue
Can you provide the iframe html code? Best thing would be to create a small survey with just the embedding and attach the export here.

And check it with a browser without any extension.
The error "Content Security Policy: The report URI (about:blank) should be an HTTP or HTTPS URI." is typical for issues with extensions (e.g. ones that block external scripts.)
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
  • davidg1982
  • davidg1982's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
5 years 8 months ago #172680 by davidg1982
Replied by davidg1982 on topic Content-Security-Policy Issue
I am not sure what I did, but the iframe works now.

My next step is to get the iframe into an JS+JQuery code as a button, I cannot get it working.
Code:
<script type="text/javascript">jQuery(document).ready(function($){
    $('#button').click(function(){ 
        if(!$('#iframe').length) {
                $('#iframeHolder').html('<iframe id="iframe" src="https://openspeedtest.com/Get-widget.php" width="700" height="450"></iframe>');
        }
    });   
});
</script>
<button id="button">Speed Test Here</button>
<div id="iframeHolder"></div>

It works on codepen.io/davidg1982/pen/yxBqOGCodePen , but not on the survey. It gives no errors either.
The topic has been locked.
  • tpartner
  • tpartner's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
5 years 8 months ago #172705 by tpartner
Replied by tpartner on topic Content-Security-Policy Issue
You need to add a type="button" attribute to the button or it will try to submit the form.

To avoid iframe loading-lag, I would load the iframe in a hidden container as soon as the page loads and then simply show the container with the button.

Code:
<script type="text/javascript">
  $(document).on('ready pjax:scriptcomplete',function(){
    var buttonText1 = 'Speed Test Here';
    var buttonText2 = 'Hide Speed Test';
 
    $('#speedTestButton').click(function(){ 
      if(!$('#iframeHolder').is(':visible')) {
          $('#iframeHolder').fadeIn(300, function(e) {
            $('#speedTestButton').text(buttonText2);
          });
      }
      else {
          $('#iframeHolder').fadeOut(300, function(e) {
            $('#speedTestButton').text(buttonText1);
          });
      }
    });   
  });
</script>
<button id="speedTestButton" type="button">Speed Test Here</button>
<div id="iframeHolder" style="display: none;">
  <iframe id="iframe" src="https://openspeedtest.com/Get-widget.php" width="700" height="450"></iframe>
</div>
Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
The following user(s) said Thank You: davidg1982
The topic has been locked.
  • davidg1982
  • davidg1982's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
5 years 8 months ago #172722 by davidg1982
Replied by davidg1982 on topic Content-Security-Policy Issue
That totally worked. Thanks!
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose

Pricing & Plans
Get started

Legal

About Us

Open Source