This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Jump to the post that solved this thread.
Sentastico not so sentastic.
#11
[Solved] RE: [Un-Solved] Sentastico not so sentastic.
Fixed it... You had for your 'SSL Hardening':

Code:
Header always set X-Frame-Options DENY
This blocks iframes. Commented it out and it works just fine now...
Problem solved!
Big Grin
-TGates - Head of Support

SEARCH the Forums or read the DOCUMENTATION before posting!
Modules Maintained: 13 - Module Installs: 108k+

Find my support helpful? Donate HERE
Help me to help you by getting your domains using this link:
GoDaddy - Domains
Reply
Thanks given by: worksmarter
#12
[Solved] RE: [Un-Solved] Sentastico not so sentastic.
(01-19-2017, 12:44 AM)TGates Wrote: Fixed it... You had for your 'SSL Hardening':

Code:
Header always set X-Frame-Options DENY
This blocks iframes. Commented it out and it works just fine now...
Problem solved!
Big Grin

Well no kidding. Can you elaborate on that - that could only have come from what I cut and pasted from the Let'sEncrypt instructions as that is the only thing that was modified after the install.

That would be something to include somewhere - and I wonder why it does not break the installs in VM's???

Where is "'SSL Hardening'" even set at?

(01-19-2017, 03:31 AM)worksmarter Wrote: Well no kidding. Can you elaborate on that -  that could only have come from what I cut and pasted from the Let'sEncrypt instructions as that is the only thing that was modified after the install.

That would be something to include somewhere - and I wonder why it does not break the installs in VM's???

Where is "'SSL Hardening'" even set at?

OK, I know how that got in there. It is included in the instructions on how to get an A+ sercurity rating on your SSL certificate. I would say that procedure needs modified for anyone that is going to install Sentastico. Thanks for finding that - that had not occurred to me...
Everyone makes mistakes, but to truly screw up it takes the root password!
Reply
Thanks given by:
#13
[Solved] RE: [Solved] Sentastico not so sentastic.
In the custom vhost setting for Sentora Wink

It probably can be modified to allow iframes within the same domain, but not allow outside use. I remember seeing something about that when I first was trying to sort out the issue.

Although, I eventually plan on putting the sentastico_admin.php inside the controller.ext someday but this requires a LOT of time and motivation. I already did it with the current code to get the package installer inside controller.ext.
-TGates - Head of Support

SEARCH the Forums or read the DOCUMENTATION before posting!
Modules Maintained: 13 - Module Installs: 108k+

Find my support helpful? Donate HERE
Help me to help you by getting your domains using this link:
GoDaddy - Domains
Reply
Thanks given by: worksmarter
#14
[Solved] RE: [Solved] Sentastico not so sentastic.
To be clear on a response for possible future users running into this, it is not a native Sentora issue.

I added it on the direction of a good post on how to get an excellent security rating for you Let'sEncrypt cert. If you secure your panel alone as per that tutorial/guide, that will not cause issues, but if you follow the "hardening" instructions for your certificate as published here in the forums there are two places you will be copying and pasting the problem entries:
One in the file /etc/httpd/conf.d/ssl.conf
Code:
Header always set X-Frame-Options DENY

Which needs commented out.

And one in the Sentora panel @ Admin > Module Admin > Apache Config > Global Sentora Entry
Code:
#Header always set X-Frame-Options DENY

If you do this from the get-go as I will now, you ill have no issues, but if you run into the failing Sentastico display issue, this is a simple edit and can be found in the Global Sentora entry in the panel.

Thanks for the the assistance TGates!
Everyone makes mistakes, but to truly screw up it takes the root password!
Reply
Thanks given by:
Jump to the post that solved this thread.


Possibly Related Threads...
Thread Author Replies Views Last Post
Sentastico "add" button does nothing Saveriott12 8 688 02-26-2017, 12:02 PM
Last Post: TGates
Sentastico - Package Installation Help venkatesham 4 1,204 01-30-2017, 12:49 AM
Last Post: pvphaberyorum
Looking for Sentastico Package Maintainers TGates 13 1,361 01-03-2017, 06:12 AM
Last Post: TGates

Forum Jump:


Users browsing this thread: 1 Guest(s)