
Is there a reason javascript works in one folder and does not in another folder on the same webserver?


Good day stackers,

Can anyone help me figure out why a simple JavaScript onchange function works in one folder but does not work in another folder on the same webserver (cPanel v120.0.16)?

The links below would redirect you to the not working and working folder.

Not Working Folder

Working Folder

Both folders have the same permissions and type. Both folders contain the test.php file with the same code as below:

<!DOCTYPE html>
<html>
<body>

<p>Select a new car from the list.</p>

<select id="mySelect" onchange="myFunction()">
  <option value="Audi">Audi</option>
  <option value="BMW">BMW</option>
  <option value="Mercedes">Mercedes</option>
  <option value="Volvo">Volvo</option>
</select>

<p>When you select a new car, a function is triggered which outputs the value of the selected car.</p>

<p id="demo"></p>

<script>
function myFunction() {
  var x = document.getElementById("mySelect").value;
  document.getElementById("demo").innerHTML = "You selected: " + x;
}
</script>

</body>
</html>


Any pointers or solutions would be of immense help. Warm Regards


Solution

  • In the console of the working site (https://rohigroupofschools.com/presite/test.php), I don't see any errors. In the console of the non-working website (https://rohigroupofschools.com/app/test.php), I see dozens of error messages like

    Content-Security-Policy: The page’s settings blocked an event handler (script-src-attr) from being executed because it violates the following directive: “default-src 'self'” Source: myFunction() test.php
    Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “default-src 'self'” test.php:18:9
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2 because it violates the following directive: “default-src 'self'” test.php
    Content-Security-Policy: The page’s settings blocked the loading of a resource (font-src) at https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2 because it violates the following directive: “default-src 'self'” test.php
    

    The configured content security policies (CSP) block the execution of some inline scripts and event handlers and the loading of some external resources.

    You can find the current CSP in the response header. The non-working website has the header

    content-security-policy: default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
    

    The working website has no such header.

    The event handler

    onchange="myFunction()"
    

    in

    <select id="mySelect" onchange="myFunction()">
      <option value="Audi">Audi</option>
      <option value="BMW">BMW</option>
      <option value="Mercedes">Mercedes</option>
      <option value="Volvo">Volvo</option>
    </select>
    

    and the script element

    <script>
    function myFunction() {
      var x = document.getElementById("mySelect").value;
      document.getElementById("demo").innerHTML = "You selected: " + x;
    }
    </script>
    

    are blocked by CSP.

    You have to change the configuration of the CSP or modify your code in a way that considers the CSP.

    script-src-attr self doesn't allow inline event handlers and script-src-elem self doesn't allow inline scripts. One way to solve the problem is to move all JavaScript code into separate files with the same origin and load the script files.

    It's also recommended to avoid on... event handlers, see Why is using onClick() in HTML a bad practice?, and inline JavaScript, see Why inline JavaScript is bad?. The CSP forces you to avoid it.
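
The following added example (not part of the original answer) resolves each kind of blocked item from the console output to the directive that governs it under the quoted header, and checks the answer's suggested fix of loading a same-origin script file. It is a simplified matcher that goes slightly beyond the thread by also handling explicit origins in a source list; the file name `select.js` is hypothetical.

```javascript
// Added example: which CSP directive governs a load, and does the policy allow it?
// Simplified: 'self', 'unsafe-inline' and exact origins only (no nonces, hashes, wildcards).

// CSP Level 3 fallback: a directive missing from the policy defers to the next.
const FALLBACK = {
  'script-src-attr': ['script-src-attr', 'script-src', 'default-src'],
  'script-src-elem': ['script-src-elem', 'script-src', 'default-src'],
  'font-src': ['font-src', 'default-src'],
};

// "name src src; name src" -> Map(name -> [src...]); a repeated directive is ignored.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// request is { kind, inline: true } or { kind, url } (url may be relative to pageUrl).
function check(policy, pageUrl, request) {
  const directive = FALLBACK[request.kind].find((d) => policy.has(d));
  if (!directive) return { allowed: true, directive: null }; // nothing governs it
  const sources = policy.get(directive);
  if (request.inline) return { allowed: sources.includes("'unsafe-inline'"), directive };
  const self = new URL(pageUrl).origin;
  const origin = new URL(request.url, pageUrl).origin;
  const allowed = sources.some((s) => (s === "'self'" ? origin === self : s === origin));
  return { allowed, directive };
}

// Header and font URL are the ones quoted in the answer; select.js is a hypothetical name.
const HEADER = "default-src 'self'; form-action 'self'; object-src 'none'; " +
  "frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content";
const PAGE = 'https://rohigroupofschools.com/app/test.php';
const CASES = {
  'onchange="myFunction()"': { kind: 'script-src-attr', inline: true },
  'inline <script> element': { kind: 'script-src-elem', inline: true },
  'Google font file': { kind: 'font-src',
    url: 'https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2' },
  '<script src="select.js">': { kind: 'script-src-elem', url: 'select.js' },
};

function evaluate(header = HEADER) {
  const policy = parseCsp(header);
  return Object.entries(CASES).map(([what, req]) => ({ what, ...check(policy, PAGE, req) }));
}
for (const r of evaluate()) console.log(r.allowed ? 'allowed' : 'BLOCKED', r.what, 'via', r.directive);
```

Because the `onchange` attribute stays blocked under this policy, the external file has to attach the handler itself with `addEventListener`.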