I decided to use CloudFlare and, with this decision I started living with the problem.
I’m having a Content-Security-Policy issue with CloudFlare
I added domains:
trusted_domains’
13 => ‘cloudflare.com’,
14 => ‘ajax.cloudflare.com’,
Consol screenshot:
nclogin fw
Line: 12
<script type="text/javascript">
//<![CDATA[
try{if (!window.CloudFlare) {var CloudFlare=[{verbose:0,p:0,byc:0,owlid:"cf",bag2:1,mirage2:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/dok3v=1613a3a185/"},atok:"a5598fbea6541371e5e84444fd34eeec",petok:"0119e12f861d65f4adee31660e13ee5fe0455fe4-1494590285-1800",zone:"getddo.com",rocket:"a",apps:{}}];document.write('<script type="text/javascript" src="//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=85b614c0f6/cloudflare.min.js"><'+'\/script>');}}catch(e){};
//]]>
</script>
I modified CloudFlare for these codes, but this did not work;
\lib\private\legacy\response.php
$policy = 'default-src \'self\'; '
. 'script-src \'self\' \'unsafe-eval\' \'nonce-'.\OC::$server->getContentSecurityPolicyNonceManager()->getNonce().'\'; '
. 'style-src \'self\' \'unsafe-inline\'; '
. 'frame-src *; '
. 'img-src * data: blob:; '
. 'font-src \'self\' data:; '
. 'media-src *; '
. 'connect-src *; '
. 'object-src \'none\'; '
. 'base-uri \'self\'; ';
header('Content-Security-Policy:' . $policy);
header('X-Frame-Options: SAMEORIGIN');
I have investigated this problem on the internet but have not got a result, what can I do for this problem?