Closed tfagart closed 4 years ago
I had the same problem on my CentOS 7 server running Cacti 1.2.11 and the development version of gpsmaps when accessing the Maps tab from my Windows 10 system using Microsoft Edge 81.0.416.72 (Chromium). You are correct that it's related to the Content-Security-Policy. If you open your JavaScript console you should see the policy elements that are preventing the maps from displaying.
I tweaked a couple of Cacti core files to get things going again, so I don't know what would be the best way to fix this permanently.
Here were my changes:
./include/global.php
At line 437 change,
header("Content-Security-Policy: default-src 'self'; img-src 'self' data: blob:; style-src 'self' 'unsafe-inline'; script-src 'self' $script_policy 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'");
to
header("Content-Security-Policy: default-src https://fonts.gstatic.com 'self'; img-src http://maps.gstatic.com https://maps.gstatic.com https://maps.googleapis.com 'self' data: blob:; style-src https://fonts.googleapis.com 'self' 'unsafe-inline'; script-src https://maps.googleapis.com 'self' $script_policy 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'");
./lib/html.php
At line 2365 change,
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src 'self' data: blob:; style-src 'self' 'unsafe-inline'; script-src 'self' <?php print $script_policy;?> 'unsafe-inline'; worker-src 'self'">
to
<meta http-equiv="Content-Security-Policy" content="default-src https://fonts.gstatic.com 'self'; img-src http://maps.gstatic.com https://maps.gstatic.com https://maps.googleapis.com 'self' data: blob:; style-src https://fonts.googleapis.com 'self' 'unsafe-inline'; script-src https://maps.googleapis.com 'self' <?php print $script_policy;?> 'unsafe-inline'; worker-src 'self'">
Hello,
Many thanks it works well. I don't know how to interact with Cacti Code, but I guess a pull request ?
Regards
Thomas
i don't have global.php in /usr/share/cacti/plugins/gpsmap/include and it's the same for html.phpi have cacti version 1.2.15
@BrunerHoes These are in the core directory, not the plugin.
Describe the bug After Cacti Upgrade above 1.2.11, gpsmap plugin does no more display maps. The KML/XML calculation is being done properly, but there is no way to display map. I guess this is linked to New Content-Security-Policy
To Reproduce Steps to reproduce the behavior:
Expected behavior See google maps
Plugin (please complete the following information):
Desktop (please complete the following information):