Open marc-farre opened 1 year ago
This is more than likely due to direct script injected into the code itself with no CSP implemented;
i.e <?= Html::nonce() ?>
should be implemented into the script tags;
https://github.com/petersphilo/humhub-social_stats/blob/8363aa67204b89e3079ce26cdb628287591cf9a5/views/main/index.php#L307-L308
Shown in the following is how you would implement CSP into script tags;
Also the SDK script shouldn't be implemented in this way, probably a better way would be the following; https://github.com/GreenMeteor/adsense/blob/master/widgets/views/adframe.php#L14
The main issue would be where the SDK script needs to be injected, then following the same logic as the AdSense module, and implement the registerJsFile()
method.
To reproduce:
Install uBlock origin extension on Chrome. Go to the social Stats page.
Thanks.