phpMyAdmin "Blocked by Content Security Policy"

TheSidewinder

Active Member
Jul 18, 2009
41
0
56
Got a puzzling issue where some users are reporting that, when they go to phpMyAdmin via their cPanel, they get the message in the title.

The page load two panes; the left-hand one where the database names would appear, and the right-hand one where the tables would appear.

But all they see is the message in each pane, "This page has a content security policy that prevents it from being embedded in this way".

It appears to be browser-specific (IE works, FF won't), or perhaps a browser setting, but I'll be damned if I can figure out what setting. This happened once before, but cleared up by itself before I could figure what was the cause. Anyone have any bright ideas?

Thank in advance.
 

johnjg75

Registered
Aug 8, 2011
1
0
51
I just recently ran into this problem as well on FF5, but have not come up with a permanent solution. I did, however, find a way around it.

Once I click on phpMyAdmin under cPanel, it brings up the page with two frames saying that the content is blocked. Then if I goto the address bar and press enter (as if i was manually going to the page) then it loads up fine. However, if you click refresh, it doesn't work. You must do it through the address bar.

Hopefully someone comes up with a permanent fix for this.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator

TheSidewinder

Active Member
Jul 18, 2009
41
0
56
Yes, it does appear to be only happening with FF5. One of the techs where I work had it happen to him on FF5, but when I tried to duplicate it with FF3, I couldn't. It worked fine.

He says if it happens to him again for another support ticket, he'll try the suggestion about "re-entering" the address and see what happens.

Thanks for the help, folks, appreciate it.
 

Kyanar

Registered
Sep 4, 2011
1
0
51
cPanel Access Level
Website Owner
I'd like to point out that this isn't actually a bug in Firefox at all. Basically, new versions of phpMyAdmin add a Content Security Policy header, that makes Firefox (5.0 and later) check to ensure that pMA isn't loaded inside a frame or by an untrusted page. To fix the error, cPanel (the software) needs to ensure it meets the conditions needed to be trusted by pMA, or the copy of pMA shipped with cPanel needs a slight modification to \libraries\header_http.inc.php to prevent sending an "X-Content-Security-Policy" header.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
If you believe this is a cPanel bug rather than a Firefox one, please submit a bug report - http://go.cpanel.net/bug