phpMyAdmin "Blocked by Content Security Policy"

[TheSidewinder]

Got a puzzling issue where some users are reporting that, when they go to phpMyAdmin via their cPanel, they get the message in the title.

The page load two panes; the left-hand one where the database names would appear, and the right-hand one where the tables would appear.

But all they see is the message in each pane, "This page has a content security policy that prevents it from being embedded in this way".

It appears to be browser-specific (IE works, FF won't), or perhaps a browser setting, but I'll be damned if I can figure out what setting. This happened once before, but cleared up by itself before I could figure what was the cause. Anyone have any bright ideas?

Thank in advance.

 

[johnjg75]

I just recently ran into this problem as well on FF5, but have not come up with a permanent solution. I did, however, find a way around it.

Once I click on phpMyAdmin under cPanel, it brings up the page with two frames saying that the content is blocked. Then if I goto the address bar and press enter (as if i was manually going to the page) then it loads up fine. However, if you click refresh, it doesn't work. You must do it through the address bar.

Hopefully someone comes up with a permanent fix for this.

 

[cPanelTristan]

All I can find on this was a prior bug at https://bugzilla.mozilla.org/show_bug.cgi?format=multiple&id=515458 location, which was supposed to be resolved already. Is this only happening on Firefox 5?

Of note, this appears to be a browser bug given the prior bug report on it at Mozilla.

 

[TheSidewinder]

Yes, it does appear to be only happening with FF5. One of the techs where I work had it happen to him on FF5, but when I tried to duplicate it with FF3, I couldn't. It worked fine.

He says if it happens to him again for another support ticket, he'll try the suggestion about "re-entering" the address and see what happens.

Thanks for the help, folks, appreciate it.

 

[Kyanar]

I'd like to point out that this isn't actually a bug in Firefox at all. Basically, new versions of phpMyAdmin add a Content Security Policy header, that makes Firefox (5.0 and later) check to ensure that pMA isn't loaded inside a frame or by an untrusted page. To fix the error, cPanel (the software) needs to ensure it meets the conditions needed to be trusted by pMA, or the copy of pMA shipped with cPanel needs a slight modification to \libraries\header_http.inc.php to prevent sending an "X-Content-Security-Policy" header.

 

[cPanelTristan]

If you believe this is a cPanel bug rather than a Firefox one, please submit a bug report - http://go.cpanel.net/bug