• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • This community is user driven. Be polite with other users.
    • We recommend purchasing a Chevereto license to participate in this community.
    • Purchase a Community Subscription to get even faster ticket response times.

The XSS Auditor refused to execute a script

Status
Not open for further replies.
B

BigBoiJefe

Chevereto Member
When I click Save Changes external services, the values don't save. When I enable the developers I can see the following error:

The XSS Auditor refused to execute a script in 'http://qpix.com/dashboard/settings/external-services' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.

What is the problem?
 
I believe that is a false positive, likely due to the fact that the boxes contains JS code. You can either disable that on your server or edit directly the database using adminer or phpMyAdmin.
 
The editor isnt working the way it's supposed to. So you want me to use phpMyAdmin to make a change to the database, when I should be able to use the admin area?
 
Chevereto isn't blocking that form, your server does. As I always say, Chevereto is a script which run on top of the server layer so it can't change things below that layer (unless your server allows that).

Unless you change mod_security (or any similar mod altering your server) you won't be able to sumbit forms with <script> or any potential false-positive XSS code, that's why I told you to either get rid of that or edit the database directly.
 
Status
Not open for further replies.
Back
Top