Post by herve11170 » Wed Feb 03, 2021 6:05 pm

Hello,
I'm using Opencart Oc 2.0.1.1 and I am configuring Content-Security-Policy with my Opencart.
The .htaccess (live production) is configurated to create a random number and all my inline scripts have the label:
<script nonce="<?= $_SERVER['UNIQUE_ID'] ?>">
It's working fine in live production and there is no errors but when I use Opencart with localhost, I have severals errors:
PHP Notice: Undefined index: UNIQUE_ID in C:\xampp\htdocs\***\catalog\view\theme\default\template\common\header.tpl on line xxx.
PHP Notice: Undefined index: UNIQUE_ID in C:\xampp\htdocs\***\catalog\view\theme\default\template\common\header.tpl on line xxx.
.....
Is there a way to declare "$_SERVER['UNIQUE_ID'] " in header.php controller or in another file to avoid all these error messages?
With the label $_SERVER I don't know how do it.
I have tried to put something in the local .htaccess but no works.
Thank you in advance for the help you can give me.

New member

Posts

Joined
Wed Feb 15, 2017 1:39 pm

Post by thekrotek » Wed Feb 03, 2021 6:12 pm

Contact extension developer.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Expert Member

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by herve11170 » Wed Feb 03, 2021 6:14 pm

[SOLVED]

New member

Posts

Joined
Wed Feb 15, 2017 1:39 pm

Post by paulfeakins » Thu Feb 04, 2021 5:43 pm

herve11170 wrote:
Wed Feb 03, 2021 6:14 pm
[SOLVED]
It would be helpful to other forum users if you explained how it was solved.

For quick, professional OpenCart support please email info@antropy.co.uk


User avatar
Guru Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

Post by herve11170 » Fri Feb 12, 2021 1:56 pm

Hi,
I have put the same .htaccess to my localhost.
But is is very difficult to use CSP with opencart.
A lot of inline scripts and inline css by default make that you need to spend a lot of time to configure it.
A lot of onclick ... onchange... etc...
you need to modify all the tpl one by one in the front-end but also in admin!
to much work.

New member

Posts

Joined
Wed Feb 15, 2017 1:39 pm

User avatar
Expert Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by herve11170 » Fri Feb 12, 2021 6:53 pm

Just add Content-Security-Policy to my website and remove the script-src: 'Unsafe-inline'. But if I remove it from my htaccess, then I need to add 'nonce="xxxxxx" to all the scripts inline in opencart. I have started with all the <script>, <script src...> but it's a big job because all the Opencart website get onclick script, onchange script, etc... and you need to modify all admin tpl too.
Big big job to do during lockdown only!

New member

Posts

Joined
Wed Feb 15, 2017 1:39 pm
Who is online

Users browsing this forum: No registered users and 21 guests