The module we are building loads images from our AWS CloudFront distribution inside the main module page. The images are not appearing and I'm getting the following error message in the console. Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src 'self' data:" Is this something which is a server configuration specific to ISPConfig 3 or could it be a AWS CF setting I need to setup?
Sounds like the header sent via the ispconfig vhost, you would have to customize that from the cli. You could probably set that header differently for locations that begin with your module's path.
@Jesse Norell ok, I understand. Is that something that could be changed during the installation of the module and would be permanent, or would it be over-written when someone updates ISPConfig? Is this the file you're referring to? /usr/local/ispconfig/server/conf/apache_apps.vhost.master
The ISPConfig vhost is, depending on the OS and web server, e.g. /etc/apache2/sites-available/ispconfig.vhost or /etc/nginx/sites-available/ispconfig.vhost The master template for that file is in the ISPConfig tar.gz in the install/tpl/ folder and to make changes update proof, you can copy it to the folder /usr/local/ispconfig/server/conf-custom/install/ But that#s nothing that a module should do, as using such a master template prevents that ISPconfig can update this template in future and many users won't be able to diff and update it on their own.
Instead of loading images from an external CDN on each pageview, you can e.g., write a small PHP script that acts as a proxy and is also able to cache the images locally. Especially as changing the content security policy would weaken the security of the ISPConfig panel.
@till yeah I don't think editing the vhost file would make sense. I will go with your suggestion of using a proxy.
@till How can we include a JS file in the footer of the module page. Do we have to edit the main.tpl.htm file (/usr/local/ispconfig/interface/web/themes/default/templates/main.tpl.htm file) ? We only need our JS file to be loaded in the footer on the module page.
Have you tried to put your js file into interface/web/js/js.d/ folder? I guess it includes in the header, but this might work for your purpose too.
@till The JS file needs to be loaded after the jQuery file is loaded in the footer. So it wouldn't work in the header.
I just had a look at the code, the files from js.d folder get included in the footer, so it should be ok.
@till sorry, not sure if I should create a new topic but thought I'd ask you in here. Is there documentation on getting default account/user values? For example: $_SESSION['s']['user']['username'] to get the username $_SESSION['s']['user']['email'] to get the user's email $_SESSION['s']['user']['domains'] to get the user's/account domains etc.
$_SESSION['s']['user'] contains what you can find in the sys_user table of the database for the currently logged-in user.