I run a Laravel application not developed by me, as I'm not a developer. This Laravel app shows a user page interface where I need to put a custom live chat script code.
I found the relevant blade page where I need to put that code, and the path is app/Modules/KnowledgeBase/Resources/view/layouts/page.blade.php
- app is the folder where the app is installed, with all core files inside.
- All requests inside this app folder are redirected to the public folder by an htaccess file, the public folder is inside the app folder so app/public/
- In the public folder there are a lot of files and folders. One of these folders is a symbolic link folder called modules; inside that folder all modules are linked as symbolic links.
- I click on the symbolic link knowledgebase
- Here I'm able to place a test HTML file that also contains the live chat script, which works. This is just a test to see if I'm able to reach this location from the browser and to check that the chat script works.
- In this folder only two folders are present. I need to click on the button to load the parent directory, and when I do I'm inside the following path: app/Modules/KnowledgeBase/
- Now I open the resources, view, layouts folders and I reach the page.blade.php
My script inserted in this file never works. I'm also unable to reach a test.html file located at app/Modules/KnowledgeBase/Resources/view/layouts/ because all browser requests are redirected to the public folder, so the browser loads a not found page.
If I put the script inside this page I get the error "The script loading a resource to inline was blocked by page settings (“script-src”)"
I'm asking where this directive is set and how to fix it so that my script runs in the page.blade.php
The only .htaccess file I see is placed in the app folder and its content is:
```
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !/\.well\-known/?.*
    RewriteRule (.*) public/$1 [L]
</IfModule>
```
There is also an .htaccess file placed in the public directory with the following code:
```
<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>
```
I don't understand why I'm unable to see my script code loaded inside the page.blade.php
I expect to be able to run the script inside the blade.php page. I searched the web for a solution and found some meta tags to add to the page, but they never resolved it.
The script is correctly inserted in the page; it is blocked by a directive, and I don't know where it is set or how to change it to allow my script.
In app/config I found a PHP file that contains:
```
'csp_enabled' => env('APP_CSP_ENABLED', true),
'csp_script_src' => env('APP_CSP_SCRIPT_SRC', ''),
```
Maybe it is this directive that forbids my script? How do I resolve this? Setting it to false resolves the issue but maybe creates an XSS weakness. How can I allow my script while leaving this option true?
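
The browser error quoted in the question comes from the `script-src` directive of the page's Content-Security-Policy. As an added example (not part of the original post and not the application's code), this simplified JavaScript model of that check shows why an inline snippet and a third-party loader are blocked under a `'self'`-only policy, and pass once the host or a nonce is listed while CSP stays enabled. The page origin, chat host, nonce and policy strings are constructed placeholders; how this app turns `APP_CSP_SCRIPT_SRC` into the header is an assumption to verify.

```javascript
// Added example: simplified model of a browser's script-src check.
// Not modelled: hashes, 'strict-dynamic', '*', ports and paths in host sources.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources; // first occurrence of a directive wins
  }
  return policy;
}

function matchesSource(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // other keywords never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:*]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  const pageScheme = new URL(pageOrigin).protocol;
  const schemeOk = scheme
    ? url.protocol === scheme.toLowerCase() + ':'
    : url.protocol === 'https:' || url.protocol === pageScheme;
  const hostOk = wildcard
    ? url.hostname.endsWith('.' + host.toLowerCase())
    : url.hostname === host.toLowerCase();
  return schemeOk && hostOk;
}

// script: { inline: true, nonce? } or { src: 'https://...', nonce? }
function scriptAllowed(header, script, pageOrigin) {
  const policy = parseCsp(header);
  const sources = policy['script-src'] ?? policy['default-src'];
  if (sources === undefined) return true; // no directive governs scripts
  if (script.nonce && sources.includes(`'nonce-${script.nonce}'`)) return true;
  if (script.inline) {
    // 'unsafe-inline' is ignored once the policy carries a nonce or hash
    const strict = sources.some(s => /^'(nonce|sha(256|384|512))-/.test(s));
    return sources.includes("'unsafe-inline'") && !strict;
  }
  return sources.some(s => matchesSource(s, new URL(script.src), pageOrigin));
}

// Constructed values: the page origin, chat host and nonce are placeholders.
const PAGE = 'https://support.example.test';
const CHAT = { src: 'https://chat.example.test/widget.js' };
const BEFORE = "default-src 'self'; script-src 'self'";
const AFTER = "default-src 'self'; script-src 'self' https://chat.example.test 'nonce-r4nd0m'";
console.log(scriptAllowed(BEFORE, CHAT, PAGE), scriptAllowed(AFTER, CHAT, PAGE)); // false true
```

The policy actually in force is visible in the `Content-Security-Policy` response header in the browser's network tab, which is the string to feed to `scriptAllowed`.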