Content security policy not being respected

The following (seemingly valid) Content Security Policy does not work in Safari:
script-src 'unsafe-eval' 'self' by.uservoice.com widget.uservoice.com www.google.com use.typekit.net js.stripe.com localhost:35739
Errors occur for a number of requests to the permitted services, including e.g.:
Refused to load the script 'https://js.stripe.com/v1/?_=1398952171104' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self' by.uservoice.com widget.uservoice.com www.google.com use.typekit.net js.stripe.com localhost:35739".

Thanks for your reply gdgmac.
Is there no easier way to do this?
I understand I could backup, reset, then restore, but I was hoping there was some easier way.
Out of curiosity, is this as-per-design?
Many thanks for your help again,
Chris

Similar Messages

Trouble with Content Security Policy (CSP)

In the latest Firefox 33 there seem to be an issue with Content Security Policy (CSP) and how it handles url that are url encoded.
For instance when some CSP directive is set to like https://mywebsite.com/application/do;jsessiond=1234 - it will get URL encoded so the ; gets replaced by %3B.
In Firefox 32 and earlier this worked, but not in this new solution.

It may be that it needs a header application/x-www-form-urlencoded is this included in your url request as well as charset UTF-8?
If you select a different encoding via web dev [https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI]
This sounds like what it did before? [http://www.justarrangingbits.org/firefox-magic-decoding-address-bar/index.html]

When I tried to log into my itunes account, I was asked to update my credit card information. When I confirmed my credit card info, I got a response about my security code not being accurate -which is not the case-it is 100% accurate. How do I fix?

I keep getting a message about my security code not being accurate. I tried 3 different cards & have the same issue. Is this a systems issue? I need to get my apps installed on my new iPhone 4. I am unable to download without confirming my credit card info- My security codes are 100% accurate.Anyone else having this issue? What is the fix for this?

Ohemod,
There are 120+ countries that have iTunes Stores, but that leaves many that do not. You can consult this document: iTunes Store: Which types of items can I buy in my country?
Opening in a new country requires a tremendous amount of legal, commercial and financial investment, but I am sure Apple would be interested in knowing where there is unmet demand. If you wish to make suggestions to Apple, you can use the iTunes Feedback page.

Group Permissions Not Being Respected

After upgrading our file server to 10.4.8, group write permissions (POSIX, not ACLs) are not being respected for users connecting via SMB. If Group X owns a folder, and has Read and Write permissions on that folder, User A can log in via SFTP and modify that file. However, User A can not log in via SMB and modify that same file. When looking at the "Effective Permissions Browser" in WGM, it will correctly show the user and group ownership of a file, but state that User A does not have permissions to modify that file (in spite of User A being in Group X).
Has anyone seen anything like this? Or does anyone have any suggestions? We can't try switching to ACLs to resolve the issue because the files being shared are mounted from a remote NFS server (ACLs are only supported on HFS+ volumes).
Thanks.
Xserve G5 Mac OS X (10.4.8)

like so:
drwxrwsr-x 6 jwalcik laitssta 4096 Oct 9 23:13 test
where the folder belongs to the user "jwalcik" and to the group "laitstaff". both are shown as having read, write, and execute status, and the setguid bit is set for the group. other users have read and execute privileges.
Xserve G5

[svn:osmf:] 14928: Fix bug FM-468: Initial and max indices not being respected for RTMP MBR.

Revision: 14928
Revision: 14928
Author:   [email protected]
Date:     2010-03-22 17:35:43 -0700 (Mon, 22 Mar 2010)
Log Message:
Fix bug FM-468: Initial and max indices not being respected for RTMP MBR.
Ticket Links:
    http://bugs.adobe.com/jira/browse/FM-468
Modified Paths:
    osmf/trunk/framework/OSMF/org/osmf/net/NetStreamSwitchManager.as
    osmf/trunk/framework/OSMFTest/org/osmf/net/TestNetStreamSwitchManager.as

11.2.3 security policy not applying

This was in another post felt it need its on post and subject.
11.2.3 has help, but now on device that have 11.2.3 the security policy is
not applying. I have 4 device I'm testing on one was a clean instill of
11.2.3 the other 3 were upgraded, out of all 4 only one the security policy
is applying right. Where would the security policy be store when it is
applied to a device. Is their a better way to apply security policy.
I found that the gpttmpl.inf file is not being copy to the
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
folder and did confirm that it is in the zcm meachine cache folder
[C:\Program Files
(x86)\Novell\ZENworks\bin\handlers\CacheFiles\Work stationCache\GroupPolicy\M
achine\Microsoft\Windows NT\SecEdit]. I manual copy it to the SecEdit
folder
logged off back on and then did get the Security Options Settings set
properly.
So why is it not copying it over, the Registry.pol file is and all other
group policy are working (so far). And on the one computer that Security
Options is working right on and running 11.2.3 the gpttmpl.inf is not in
the
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
folder ether and I have checked computers that are still on 11.2.0 and the
Security Settings are applied but the gpttmpl.inf file in not in the
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]. Is
ZEN suppose to copy gpttmpl.inf to the system32 group policy folder and if
so can this be fix? I really need Security Settings to apply.
Hope this makes sense.
And I have this problem on both 32 & 64 bit windows 7
I don't know if this affects Windows XP because I don't have any Security
Settings for XP set.
Thanks
Scott

Well I found this in the ZCM troubleshooting guide with the help of google
[When more than one Windows Group policy is applied to a device, the
security settings of the last applied policy are effective on the device.].
I have all ways had device first user last sense 10.3.3 - 11.2.0 and the
security policy did apply, at lease with WIN7. So on my test machines I
change it to user fist device last and now the security policy now works
with 11.2.3, but I still have to have a bundle to run gpupdate /force at
user login. If I done have the bundle to run the device group policy does
not apply sometime, I don't mine to have the bundle to run just why with
win7 is does not apply with out it and XP does with out it.
Also why does it not copy the gpttmpl.inf to
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
directory?
>>> On Friday, March 15, 2013 at 12:34 PM, in message
<[email protected]>, Scott Malugin<[email protected]> wrote:
> This was in another post felt it need its on post and subject.
>
>
> 11.2.3 has help, but now on device that have 11.2.3 the security policy
> is
> not applying. I have 4 device I'm testing on one was a clean instill of
> 11.2.3 the other 3 were upgraded, out of all 4 only one the security
> policy
> is applying right. Where would the security policy be store when it is
> applied to a device. Is their a better way to apply security policy.
>
>
> I found that the gpttmpl.inf file is not being copy to the
> [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
> folder and did confirm that it is in the zcm meachine cache folder
> [C:\Program Files
> (x86)\Novell\ZENworks\bin\handlers\CacheFiles\Work stationCache\GroupPoli
> cy\M
>
> achine\Microsoft\Windows NT\SecEdit]. I manual copy it to the SecEdit
> folder
> logged off back on and then did get the Security Options Settings set
> properly.
>
> So why is it not copying it over, the Registry.pol file is and all other
> group policy are working (so far). And on the one computer that Security
> Options is working right on and running 11.2.3 the gpttmpl.inf is not in
> the
> [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
> folder ether and I have checked computers that are still on 11.2.0 and
> the
> Security Settings are applied but the gpttmpl.inf file in not in the
> [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit].
> Is
> ZEN suppose to copy gpttmpl.inf to the system32 group policy folder and
> if
> so can this be fix? I really need Security Settings to apply.
>
> Hope this makes sense.
>
> And I have this problem on both 32 & 64 bit windows 7
> I don't know if this affects Windows XP because I don't have any
> Security
> Settings for XP set.
>
>
> Thanks
> Scott

Policy not being applied to users

I have a group policy that used to work, but now has decided it does not want to be applied to the workstations anymore. I don't know what may have happened to make is stop working.
It's a pretty restrictive policy for students. I have the exact same policy for two other groups of students that still work. All three policies were copied from the same set of files. In other words, I make a change to one, then copy the files to the other two because they reside on different servers. Yes, I do open each one in C1 to update the timestamp.
When I run wmsched, the policy is there in the list, but the settings are not applied. I can log in to the PC with one of the other student accounts and their policy is applied.
The login I'm using to test with has R rights to the policy location - the same rights that the other users have to their policies. I have also tried more rights with no different results.
The DLU part of the policy runs, and I have turned off the windows firewall. I have also created a brand new policy from scratch to rule out any corruption in the old policy and I get the same results.
Apparantly, my workstation policy for this group is not being applied either. The other two groups' policies apply like they are supposed to. So this means that neither policy assigned to this group of students/workstations is working.
Any ideas?
Thanks

FishEggStew,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/

Security constraints not being applied after using custom login module

I am using form based authentication and I applied the custom login module - DBProcLoginModule to work with the embedded OC4J (JDeveloper 10.1.3.2). I have specified two security contraints in web.xml. The authentication is working correctly, however the security contraints are not being applied. All users are able to access all url resources. The security constraints were working properly before applying the custom login module. Pls help.
Leena

Hi,
if "All users are able to access all url resources" then this indicates that the RL isn't properly protected. If the authorization would fail then noone would have access and you would see error code 401
Make sure the role names in web.xml are the same as added by the LoginModule. Also make sure you set the dynamic.role property and the custom security provider property in the orion-application.xml
<jazn provider="XML">
<property name="custom.loginmodule.provider" value="true"/>
<property name="role.mapping.dynamic" value="true"/>
</jazn>
Note that the above is not required (because done automatically) if the custom LoginModule configuration is deployed through the orion-application.xml file
Frank

This page has a content security policy that prevents it from being embedded in this way

I keep getting this warning message on random pages, including AOL Mail, and Android Central Forums, after recent Firefox updates. I can't click this message off, and it locks the entire browser. Sometimes I can X out of it, and sometimes it opens many tabs and I have to force close it. I've using Chrome, out of frustration for the last few days and haven't had this pop up. I've used Firefox for many years and really enjoy it and hope I can continue. Any help and ideas would be appreciated.

Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware.
All these programs have free versions.
Make sure that you update each program to get the latest version of their databases before doing a scan.
*Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php
*AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/ http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
*SuperAntispyware: http://www.superantispyware.com/
*Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/en-us/default.aspx
*Windows Defender: http://windows.microsoft.com/en-us/windows/using-defender
*Spybot Search & Destroy: http://www.safer-networking.org/en/index.html
*Kasperky Free Security Scan: http://www.kaspersky.com/security-scan
You can also do a check for a rootkit infection with TDSSKiller.
*Anti-rootkit utility TDSSKiller: http://support.kaspersky.com/5350?el=88446
See also:
*"Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
*https://support.mozilla.org/kb/troubleshoot-firefox-issues-caused-malware
Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) as a test.
*http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Security Groups not being discovered / Talking a long time to be discovered

Hi All.
When creating user collections i am creating the majority of them with a membership rule that links directly to a discovered Security Group, so in order for this to happen the security group has to first be discovered by Security Group Discovery Method.
Ok, what i am seeing is that it is taking a long time, very long time for the security group to appear. At the moment a security group that i am waiting on was created more then 24hours ago and has still not appeared in the All User Groups collection.
Now this has got me thinking, some of these security groups are created and will not be populated with users from active directory so it is basically an empty security group, the security group that im waiting on to be discovered is empty also...
So my question... if a security group has no members, does this stop it from being discovered / appearing in All Users Groups collection ?
If this answer is 'no' then i got to ask some more questions as to what is causing this severe lag in my discovery :-(

Hi Jason,
been trawling the internet and found this.... its dated 2010 so must be referring to SCCM 2007, but could still be relevant.. ???
5. Active Directory User Discovery
It discovers the following:
User name
Unique user name (includes domain name)
Active Directory domain
Active Directory container name
User groups (except empty groups)
http://systemcentersupport.blogspot.co.uk/2010/01/discovery-methods-do-what.html
(just added a user to my 'empty' security group - see what happens)

10.5 portable home sync rules not being respected on the client...

Portable home syncing is working great for me on my Tiger server and clients, and I'm an old hat at Apple server and OD.... However in my test environment for 10.5, my client machines reuse to respect the rules that I've set in 10.5 Server Workgroup Manager for portable home syncing. I was hoping 10.5.2 would fix this for me, but no luck....
I can tell that the clients are bound to the OD and are reading the MCX settings from the server, because I can change the sync time interval, and that is being reflected on the client. WGM is set to NOT allow settings to be merged with user's settings, so I can eliminate the client settings as a variable.
Both Login/Logout and background sync are effected by this problem.
Is anyone else having this issue?

Bruce's solution above does indeed work. However, I must have stared at his answer for 20 minutes trying to figure out what he was talking about. Undoubtedly, my inability to initially parse his solution comes from my more basic understanding of OS X Server. Since there are likely others out there with this same Home Sync problem and my same level of experience with OS X Server I wanted to give Bruce's answer again but with more detail.
The problem, as explained by the original post, is that Home Sync settings for a user or group aren't necessarily respected. For example, if I were to open Workgroup Manager (WGM), select myself as a user (Berylium), click Preferences, select Mobility from the Overview tab, and select the Rules tab I would be in the Home Sync preferences. If I tell the Login & Logout Sync tab to Always do what I select and then I uncheck the Sync at login and logout checkbox one would expect that when I log in or log out I would not see a Home Sync dialog popup and perform a sync operation - but I did.
The issue as Bruce explains occurs because of another setting I have enabled, Background Sync, and a quirk (bug?) in Leopard Server. I have Background Sync enabled, set to Always, and told to sync in the background my ~/Documents and ~/Desktop folders. Leopard Server, it seems, performs the following operation when I login or logout:
1. Is Login & Logout Sync enabled? No, ok skip this part.
2. Is Background Sync enabled? Yes! Ok, sync the background sync items now even though this is a login or log out.
Clever, Apple. Ok, now that the problem has been explained let's get to the solution.
1. Open WGM, select your problem user or group, click Preferences, and select the Details tab
2. Click the +, navigate to /System/Library/CoreServices/, select ManagedClient, and click Add
- At this point, at least in my installation, several more items appeared in the preference editor list.
3. Select Home Sync in the preference editor list then click the Edit button (looks like a pencil)
4. Expand the Always list item
- Obviously, this is where some people's solution could begin to differ from mine. You may want to edit items in the Once or Often list items.
5. Click the New Key button, a New Item will be created and selected, click New Item and select Sync Background Set During Login from the list.
6. Change the Value item for Sync Background Set During Login from automatic to dontSync
7. Repeat steps 5 and 6 but select Sync Background Set During Logout
8. Click Apply Now followed by Done
Now you should be all set. Thank you Bruce for the solution to this problem and I hope someone else finds my more detailed explanation helpful.
-Berylium

Group Policy not being pushed out

HI,
I have a problem with Group Policy updates. The domain controllers are Server 2008 R2 and the clients are all Windows 7 64bit. It looks like the clients are not updating their group policies. We've recently added a certificate for our new
corporate wifi. During testing we used gpupdate /force and the computers installed the certificates. It has been several weeks since the GP was published and we have announced the new wifi. Users are still being prompted to accept the certificate
even though they should have received it from the GP. If I try to do a RSOP, of a users computer, I get "The RPC Server is unavailable" Any ideas on how to fix this?
Thanks
Ron Soulliard
Ron Soulliard Systems Administrator Polaris Ventures

Group Policy is always retrieved by the clients. If a client sees a new GPO that is applicable to them, it will grab it and apply it.
In the GPMC, can you run a GPResult for a computer that hasn't gotten the GPO? You might also want to check out this list of common GP issues:
http://deployhappiness.com/top-10-ways-to-troubleshoot-group-policy/
If my answer helped you, check out my blog:
DeployHappiness. Subscribe by
RSS or
email.

AWS Security Groups not being removed

I also noticed this - When I created cloud instances, it also created a security group for each instance.
On removal of the cloud via Cloud Manager, it did not remove the Security group that it had created for that cloud. I had to go into AWS and remove it manually.
Thanks

Hi,
Thank you for your feedback.
This is a known issue we plan to fix in a future release.

CSM - slb-policy not being honored

We have a vserver that I set up on a CSM - running v 4.2(9). There is a default serverfarm and an SLB-POLICY that uses an url-map and a different serverfarm. It appears that once the initial connection is made to the default serverfarm any requests that should match the url-map still end up going to that default serverfarm and not the new serverfarm. We are not running persistent rebalance as the application on the default serverfarm will not load the web pages properly. Note there are no sticky configuration parameters with this vserver. Thanks in advance for any help.

P.S. If a url is entered into a new browser that matches the url-map, that request is switched to the correct serverfarm. So to go back and forth between the matched url's and non-matched (default serverfarm) the browser must be closed and and a new one opened (at least this is how Internet Explorer 6 is responding).

/etc/iftab not being respected

Hi all,
I'm running an up-to-date Arch Linux on my server which has two gigabit Ethernet ports. I have my /etc/iftab as follows:
eth0 mac 00:1d:7d:96:f8:dd
eth1 mac 64:70:02:10:55:41
However, ifconfig -a tells me that the interfaces are the opposite of what I have configured in the iftab - even after rebooting.
% ifconfig -a [0]
eth0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 64:70:02:10:55:41 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::21d:7dff:fe96:f8dd prefixlen 64 scopeid 0x20<link>
ether 00:1d:7d:96:f8:dd txqueuelen 1000 (Ethernet)
RX packets 641 bytes 65608 (64.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 502 bytes 88518 (86.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I remember that I had it working correctly at some point, but after a recent update, the system has stopped respecting iftab.
I'm using kernel 3.6.11-1 and netcfg by the way.

Try some more careful reading:
$ pacman -Si netcfg
...<snip>...
Optional Deps : ...<snip>...
wireless_tools: for interface renaming through net-rename
...<snip>...
As for cleaning up netcfg, you're probably looking for this. Also, given the upcoming deprecation of wireless_tools in favour of iw, you might want to check what they're doing about ifrename, if anything.

Content security policy not being respected

Similar Messages

Maybe you are looking for