The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

phpMyAdmin "Blocked by Content Security Policy"

Discussion in 'Security' started by TheSidewinder, Aug 6, 2011.

  1. TheSidewinder

    TheSidewinder Active Member

    Joined:
    Jul 18, 2009
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Got a puzzling issue where some users are reporting that, when they go to phpMyAdmin via their cPanel, they get the message in the title.

    The page load two panes; the left-hand one where the database names would appear, and the right-hand one where the tables would appear.

    But all they see is the message in each pane, "This page has a content security policy that prevents it from being embedded in this way".

    It appears to be browser-specific (IE works, FF won't), or perhaps a browser setting, but I'll be damned if I can figure out what setting. This happened once before, but cleared up by itself before I could figure what was the cause. Anyone have any bright ideas?

    Thank in advance.
     
  2. johnjg75

    johnjg75 Registered

    Joined:
    Aug 8, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    I just recently ran into this problem as well on FF5, but have not come up with a permanent solution. I did, however, find a way around it.

    Once I click on phpMyAdmin under cPanel, it brings up the page with two frames saying that the content is blocked. Then if I goto the address bar and press enter (as if i was manually going to the page) then it loads up fine. However, if you click refresh, it doesn't work. You must do it through the address bar.

    Hopefully someone comes up with a permanent fix for this.
     
  3. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
  4. TheSidewinder

    TheSidewinder Active Member

    Joined:
    Jul 18, 2009
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Yes, it does appear to be only happening with FF5. One of the techs where I work had it happen to him on FF5, but when I tried to duplicate it with FF3, I couldn't. It worked fine.

    He says if it happens to him again for another support ticket, he'll try the suggestion about "re-entering" the address and see what happens.

    Thanks for the help, folks, appreciate it.
     
  5. Kyanar

    Kyanar Registered

    Joined:
    Sep 4, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I'd like to point out that this isn't actually a bug in Firefox at all. Basically, new versions of phpMyAdmin add a Content Security Policy header, that makes Firefox (5.0 and later) check to ensure that pMA isn't loaded inside a frame or by an untrusted page. To fix the error, cPanel (the software) needs to ensure it meets the conditions needed to be trusted by pMA, or the copy of pMA shipped with cPanel needs a slight modification to \libraries\header_http.inc.php to prevent sending an "X-Content-Security-Policy" header.
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    If you believe this is a cPanel bug rather than a Firefox one, please submit a bug report - http://go.cpanel.net/bug
     
Loading...

Share This Page