Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by on Sunday, 04 July 2021 20:17 CDT
We got this warning >
CloudFlare's Rocket Loader will prevent you from using Akeeba BackupThe Joomla cms is not working anymore. We however have no relation with cloudfare or an account.
Site is working as it should. https://totoweb.nl
Can you help us out on this problem?
Regards,
Raoul
You only see this message when CloudFlare's Rocket Loader JavaScript and local storage data is detected on the page. Seeing that on a site which doesn't use CloudFlare is strange and makes me think that something is wrong with the JavaScript on your site.
I am also very confused because in the same message you say that Joomla (the CMS which powers your site) doesn't work anymore but also that your site (powered by Joomla) does work. These two statements are mutually exclusive. You obviously mean something else, but what? What doesn't work? Try to be more detailed so I can understand what you mean. I can't help you unless I can at the very least understand what is the problem you are facing.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Hello Nicholas,
I made a backup and restored it on a subdomain. Everything is working then. So I tried to restore the same backup in httpdocs but got the warning in the screenshot in console and kickstart also doesn't work and has no layout.
One of the warnings>
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-fgqnZInNVg6Rcp+Dt6+FdjcfjzItuEzHzVsJgKctZBM='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
kickstart.php:3398
We are not using cloudflare.
To be more precise, we can't save anything anymore or change configuration. Also Yootheme doesn't work anymore. It says we have to activate the system plugin but that is activated. Not possible to update or do anything in the cms. Front end is working as expected.
any idea how to solve this?
Regards,
Raoul
First, delete your .htaccess file. It defines a Content-Security-Policy which prevents inline scripts and inline styles from being applied. This is incompatible with Joomla 3. Joomla 3 (and Kickstart itself) use inline scripts and inline event attributes in HTML elements. Since these are disallowed the JavaScript on the page breaks. Akeeba Backup does NOT use inline scripts or inline event attributes BUT if the JavaScript on the page has already stopped working because of this kind of an error then our JavaScript never gets the chance to run which is why the JavaScript-reliant detection of RocketLoader seems to not be working. Basically, the Content-Security-Policy you added in your .htaccess broke your site. It's not something related to our software.
Note that the Content-Security-Policy which disallows inline scripts will only work on Joomla 4 and ONLY if you set up the relevant feature in Joomla itself AND your 3PD extensions support it. Our software does support it since early 2020 — it was part of the large scale JavaScript refactoring you saw in our release notes back then.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Hello Nicholas,
Thank you for the answer. I did delete the .htaccess and revered tot the default Joomla .htacces. The same problem. I now have a empty httpdocs and only a php info file in it https://totoweb.nl/phpinfo.php Also that breaks. Could there be a misconfiguration on the PLESK server? My host says everything is ok on the server.
Kind regards,
Raoul
Since I didn't have enough information before I assumed that you are using Apache whose behaviour is controlled by a .htaccess file. Instead, it looks like you are using NginX. Unlike Apache, NginX' configuration is NOT controlled by a file in your site's root. You need to edit the actual site definition and restart or reload the NginX server for any changes to be applied.
Ask your host how to remove any custom NginX configuration you have set up which generates the HTTP header Content-Security-Policy: default-src 'self'; which is causing the problem you came here with.
Also note that your custom NginX configuration seems to block access to the phpinfo.php file, using it to reply with a 404 error. The 404 is then caught by Joomla which is why you see Joomla's 404 page when trying to access that file.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.
Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!