kysil
Posted October 25, 2017

Hello, in the Admin CP in the Safari browser I have this error:

Quote
Failed to set referrer policy: The value 'origin-when-crossorigin' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'. Defaulting to 'no-referrer'.

In Chrome:

How to fix it? Thank you!

kysil (Author)
Posted October 25, 2017

Nginx rules:

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-UA-Compatible "IE=Edge";
add_header Expect-CT 'max-age=3600; enforce; report-uri="https://myips.report-uri.io/r/default/ct/enforce"';
add_header Referrer-Policy "origin-when-crossorigin";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.googletagmanager.com www.google-analytics.com; img-src 'self' data: www.google-analytics.com; style-src 'self' www.google.com fonts.googleapis.com ajax.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com; frame-src ciuvo.com; object-src 'none'";
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:AES128-GCM-SHA256:AES128-SHA:!AES256-GCM-SHA384:!AES256-CCM8:!AES256-CCM:!AES128-CCM8:!AES128-CCM:!AES256-SHA256:!CAMELLIA256-SHA256:!AES128-SHA256:!DHE-RSA-CAMELLIA256-SHA:!DHE-RSA-CAMELLIA128-SHA:!CAMELLIA128-SHA256:!AES256-SHA:!CAMELLIA256-SHA:!CAMELLIA128-SHA:!DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!SRP:!DSS:!RC4";
ssl_prefer_server_ciphers on;
ssl_ecdh_curve X25519:secp521r1:secp384r1;

If I comment out all the rules, the problem still remains.

Marcher Technologies
Posted October 25, 2017

https://www.w3.org/TR/referrer-policy/#referrer-policy-origin-when-cross-origin

This would appear to be a bug, please submit a ticket so it can be fixed in the relevant admincp template. All other browsers seem to be ignoring the typo present (origin-when-crossorigin is incorrect, it should be origin-when-cross-origin).

kysil (Author)
Posted October 25, 2017

Could someone who is an active client please send the request, because I do not currently have an active license.

Fixed two entries in the Database and one in the Template (application / core / data / theme.xml).

Also changed the Nginx rules to:

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-UA-Compatible "IE=Edge";
add_header Expect-CT 'max-age=3600; enforce; report-uri="https://myips.report-uri.io/r/default/ct/enforce"';
add_header Referrer-Policy "origin-when-cross-origin";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.googletagmanager.com www.google-analytics.com; img-src 'self' data: www.google-analytics.com; style-src 'self' www.google.com fonts.googleapis.com ajax.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com; frame-src ciuvo.com; object-src 'none'";
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:AES128-GCM-SHA256:AES128-SHA:!AES256-GCM-SHA384:!AES256-CCM8:!AES256-CCM:!AES128-CCM8:!AES128-CCM:!AES256-SHA256:!CAMELLIA256-SHA256:!AES128-SHA256:!DHE-RSA-CAMELLIA256-SHA:!DHE-RSA-CAMELLIA128-SHA:!CAMELLIA128-SHA256:!AES256-SHA:!CAMELLIA256-SHA:!CAMELLIA128-SHA:!DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!SRP:!DSS:!RC4";
ssl_prefer_server_ciphers on;
ssl_ecdh_curve X25519:secp521r1:secp384r1;

The problem disappeared in Firefox (56, 64bit) and Safari Technology Preview (Release 42 (Safari 11.1, WebKit 13605.1.10)), but stayed in Safari (11.0) and Chrome (62.0.3202.62).
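
A check for the typo discussed above, as an added example that is not part of the original posts or of Invision Community's code: it scans nginx `add_header` lines and template text for Referrer-Policy values and flags any token outside the list in the browser error. The `<meta name="referrer">` form of the template entry, the function names and the sample text are assumptions made for illustration.

```python
import difflib
import re

# The eight policy tokens listed in the browser error quoted in the thread.
VALID_POLICIES = (
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
)
# nginx form: add_header Referrer-Policy "value";
NGINX_RE = re.compile(
    r"""add_header\s+Referrer-Policy\s+(["']?)([^"';]*)\1""", re.IGNORECASE)
# Assumed template form: <meta name="referrer" content="value">
META_RE = re.compile(
    r"""<meta\s+name=["']referrer["']\s+content=["']([^"']*)["']""", re.IGNORECASE)


def check_value(value):
    """Return (token, suggestion) for every token a browser would reject."""
    problems = []
    # The header may carry a comma-separated fallback list; check each token.
    for token in (t.strip().lower() for t in value.split(",")):
        if token and token not in VALID_POLICIES:
            close = difflib.get_close_matches(token, VALID_POLICIES, n=1)
            problems.append((token, close[0] if close else None))
    return problems


def audit(text):
    """Scan config or template text; return (line_no, token, suggestion)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        values = [m.group(2) for m in NGINX_RE.finditer(line)]
        values += [m.group(1) for m in META_RE.finditer(line)]
        for value in values:
            findings += [(line_no, tok, fix) for tok, fix in check_value(value)]
    return findings


# Constructed sample: the header from the thread plus a hypothetical template line.
SAMPLE = '''add_header X-Content-Type-Options "nosniff";
add_header Referrer-Policy "origin-when-crossorigin";
<meta name="referrer" content="origin-when-crossorigin">
add_header Referrer-Policy "origin-when-cross-origin";
'''

if __name__ == "__main__":
    for line_no, token, fix in audit(SAMPLE):
        print(f"line {line_no}: invalid policy {token!r}, did you mean {fix!r}?")
```

Running the same check over both the server config and the theme source shows why correcting only the nginx header can leave the browser warning in place.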

bfarber
Posted November 21, 2017

On 10/25/2017 at 6:29 AM, Marcher Technologies said:
https://www.w3.org/TR/referrer-policy/#referrer-policy-origin-when-cross-origin
This would appear to be a bug, please submit a ticket so it can be fixed in the relevant admincp template. All other browsers seem to be ignoring the typo present (origin-when-crossorigin is incorrect, it should be origin-when-cross-origin).

I've reviewed and pushed a patch to adjust this for development review.

kysil (Author)
Posted February 6, 2018

On 11/21/2017 at 3:53 PM, bfarber said:
I've reviewed and pushed a patch to adjust this for development review

Hello, your patch is not applied in the latest version.

Archived
This topic is now archived and is closed to further replies.