trongate / trongate-framework

The Trongate PHP framework
https://trongate.io

PDF file - refused to connect (in recent trongate versions) #199

Closed vanHeerwaarden closed 3 weeks ago

vanHeerwaarden commented 3 weeks ago

As a happy user of Trongate I tried to reuse my module from an older Trongate version, but now I get a message "refused to connect" in the browser when running the app. See pictures below.

Is this easy to solve? YES, see comment

I also tried the new file.php class and ended up with the same challenge/messages. In the Trongate documentation I could not find a solution, but also on the web I did not find anything (yet).

Trongate version 1.3.3021 [image: screenshot]

Trongate version 1.3.3055 [image: screenshot]

vanHeerwaarden commented 3 weeks ago

SOLVED .htaccess

<IfModule mod_headers.c>
    Header set Content-Security-Policy "frame-ancestors 'none'"
</IfModule>

By disabling Header set Content-Security-Policy "frame-ancestors 'none'", the code works in the new versions of Trongate.

QUESTION: What are the risks of removing this Header set Content-Security-Policy "frame-ancestors 'none'"?

trongate commented 3 weeks ago

FROM GROK:

Removing frame-ancestors 'none' does open up your site to framing, which can lead to several security risks. If there's a legitimate reason to allow framing (like embedding content in trusted environments), consider implementing alternative security measures. However, if there's no compelling reason to remove this policy, keeping it in place is generally safer from a security standpoint.

Here's some information from OWASP: https://owasp.org/www-community/attacks/Cross_Frame_Scripting.

I added the .htaccess code on advice from a security expert whom I trust. However, I'm not qualified to advise on these kinds of things.

I have to say, your invoices look fabulous! Great job!
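As an added illustration (not code from Trongate or from anyone in this thread), the following Python checker applies CSP frame-ancestors matching to a single embedding origin. It shows why 'none' refuses even the app's own PDF iframe, why dropping the header lets any site frame the app (the clickjacking exposure OWASP describes), and why 'self' keeps the app's own embeds working while still blocking third-party framing. Origins are constructed; it checks one embedder origin rather than walking the full ancestor chain a browser checks.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_frame_ancestors(csp: str):
    """Return the source list of frame-ancestors, or None if the directive is absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def _port(u):
    return u.port if u.port is not None else DEFAULT_PORTS.get(u.scheme)


def _source_matches(src: str, emb, page) -> bool:
    """Match one frame-ancestors source expression against the embedder origin."""
    if src == "'none'":
        return False
    if src == "*":
        return True
    if src == "'self'":
        return (emb.scheme, emb.hostname, _port(emb)) == (page.scheme, page.hostname, _port(page))
    if src.endswith(":") and "/" not in src:        # scheme-source such as "https:"
        return emb.scheme == src[:-1]
    scheme, _, hostport = src.rpartition("://")      # host-source, e.g. "https://*.example.com:8443"
    host, _, port = hostport.partition(":")
    if scheme and scheme != emb.scheme:
        return False
    if port and port != "*" and int(port) != _port(emb):
        return False
    if host.startswith("*."):                        # wildcard matches subdomains only
        return bool(emb.hostname) and emb.hostname.endswith(host[1:])
    return emb.hostname == host


def may_be_framed(csp: str, page_origin: str, embedder_origin: str) -> bool:
    """True if a browser would let embedder_origin put page_origin inside an iframe under csp."""
    sources = parse_frame_ancestors(csp)
    if sources is None:          # no directive: any site may frame the page (clickjacking exposure)
        return True
    page, emb = urlsplit(page_origin), urlsplit(embedder_origin)
    return any(_source_matches(s, emb, page) for s in sources)


if __name__ == "__main__":      # constructed origins, not taken from the issue
    for policy in ("frame-ancestors 'none'", "", "frame-ancestors 'self'"):
        print(repr(policy), may_be_framed(policy, "https://app.example.com", "https://app.example.com"),
              may_be_framed(policy, "https://app.example.com", "https://other.example.net"))
```

For the .htaccess in this thread, changing 'none' to 'self' is the setting the checker reports as allowing the app's own PDF iframe while still refusing third-party framing.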