Hello,
I've previously gone through my website in order to make it relatively secure by using the Joomla HTTP Headers plugin which allows a relatively easy configuration of the HTTP transactions, however certain pin holes must be established in order to get things to work correctly.
Can you please tell me what HTTP headers directives are required to be set with the corresponding attributes in order to allow the cloudflare scripts that your tools reference to run?
For example, for google maps api to run one must set the "script-src" directive with the value of 'self' 'unsafe-inline' *.googleapis.com for the script to be able to be executed. There are other things like img-src etc. to get it to display pictures.
I also noticed when I had http headers enabled, it blocked the registration of your extensions. Since that is a one time event, I just disabled it momentarily and turned it back on.
Generally having http headers setup will prevent malicious execution of code and insertion, etc.
Please let me know if you need anything else or have any other questions.
Thanks for the help in advance!
Devon
Replies are visible only to logged in members with an active subscription.
