• Welcome to the Chevereto User Community!

    Here, users from all over the world come together to learn, share, and collaborate on everything related to Chevereto. It's a place to exchange ideas, ask questions, and help improve the software.

    Please keep in mind:

    • This community is user-driven. Always be polite and respectful to others.
    • Support development by purchasing a Chevereto license, which also gives you priority support.
    • Go further by joining the Community Subscription for even faster response times and to help sustain this space

The XSS Auditor refused to execute a script

Status
Not open for further replies.

BigBoiJefe

Chevereto Member
When I click Save Changes external services, the values don't save. When I enable the developers I can see the following error:

The XSS Auditor refused to execute a script in 'http://qpix.com/dashboard/settings/external-services' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.

What is the problem?
 
I believe that is a false positive, likely due to the fact that the boxes contains JS code. You can either disable that on your server or edit directly the database using adminer or phpMyAdmin.
 
The editor isnt working the way it's supposed to. So you want me to use phpMyAdmin to make a change to the database, when I should be able to use the admin area?
 
Chevereto isn't blocking that form, your server does. As I always say, Chevereto is a script which run on top of the server layer so it can't change things below that layer (unless your server allows that).

Unless you change mod_security (or any similar mod altering your server) you won't be able to sumbit forms with <script> or any potential false-positive XSS code, that's why I told you to either get rid of that or edit the database directly.
 
Status
Not open for further replies.
Back
Top