Fixed it... You had for your 'SSL Hardening':
This blocks iframes. Commented it out and it works just fine now...
Problem solved!
Code:
Header always set X-Frame-Options DENYProblem solved!
Sentora Support Forums
›
Sentora Forum Archives
›
Sentora Public Support Forums v1.0.x
›
3rd Party Module Support v1.0.x
›
Sentastico not so sentastic.
›
Sentastico not so sentastic.
|
Sentastico not so sentastic.
|
TGates
Sentora Council - Head of Support Team  OS: Ubuntu 20.04 LTS Version: 2.0.2 Server: i7-6700K @ 4GHz, 8 cores 32GB Ram Thanks given by: worksmarter
worksmarter
Support Staff OS: CentOS 7 Version: 1.0.3 Server: Home, Dedicated, Apache 2.4.6/PHP 5.6.33/MariaDB 5.5.52 (01-19-2017, 12:44 AM)TGates Wrote: Fixed it... You had for your 'SSL Hardening': Well no kidding. Can you elaborate on that - that could only have come from what I cut and pasted from the Let'sEncrypt instructions as that is the only thing that was modified after the install. That would be something to include somewhere - and I wonder why it does not break the installs in VM's??? Where is "'SSL Hardening'" even set at? (01-19-2017, 03:31 AM)worksmarter Wrote: Well no kidding. Can you elaborate on that - that could only have come from what I cut and pasted from the Let'sEncrypt instructions as that is the only thing that was modified after the install. OK, I know how that got in there. It is included in the instructions on how to get an A+ sercurity rating on your SSL certificate. I would say that procedure needs modified for anyone that is going to install Sentastico. Thanks for finding that - that had not occurred to me...
Everyone makes mistakes, but to truly screw up it takes the root password!
TGates
Sentora Council - Head of Support Team OS: Ubuntu 20.04 LTS Version: 2.0.2 Server: i7-6700K @ 4GHz, 8 cores 32GB Ram
In the custom vhost setting for Sentora
 It probably can be modified to allow iframes within the same domain, but not allow outside use. I remember seeing something about that when I first was trying to sort out the issue. Although, I eventually plan on putting the sentastico_admin.php inside the controller.ext someday but this requires a LOT of time and motivation. I already did it with the current code to get the package installer inside controller.ext. Thanks given by: worksmarter
worksmarter
Support Staff OS: CentOS 7 Version: 1.0.3 Server: Home, Dedicated, Apache 2.4.6/PHP 5.6.33/MariaDB 5.5.52
To be clear on a response for possible future users running into this, it is not a native Sentora issue.
I added it on the direction of a good post on how to get an excellent security rating for you Let'sEncrypt cert. If you secure your panel alone as per that tutorial/guide, that will not cause issues, but if you follow the "hardening" instructions for your certificate as published here in the forums there are two places you will be copying and pasting the problem entries: One in the file /etc/httpd/conf.d/ssl.conf Code: Header always set X-Frame-Options DENYWhich needs commented out. And one in the Sentora panel @ Admin > Module Admin > Apache Config > Global Sentora Entry Code:
always set X-Frame-Options DENYIf you do this from the get-go as I will now, you ill have no issues, but if you run into the failing Sentastico display issue, this is a simple edit and can be found in the Global Sentora entry in the panel. Thanks for the the assistance TGates!
Everyone makes mistakes, but to truly screw up it takes the root password!
|
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| Sentastico white screen | zustudios | 3 | 9 ,161 |
01-27-2020, 03:20 AM Last Post: Jettaman |
|
| How to Sentastico Packages update? | lycuc | 11 | 33 ,554 |
08-11-2018, 11:14 AM Last Post: TGates |
|
| Sentastico "add" button does nothing | Saveriott12 | 10 | 29 ,084 |
03-02-2018, 05:50 AM Last Post: TGates |
|
Users browsing this thread: 1 Guest(s)
