CSP Issues

Silverstripe Version: 4.11

Question:

I have a site that I did not build, so I am not super familiar with it, but recently the admin panel has become unreachable. When you log in it just hangs on the loading screen.

There are no errors in the error logs and the web host cannot find anything on the server that would explain why it does this. If I set the site up on my PC, it works fine.

I can see in the console a bunch of errors that are resulting from CSP. The first one is:

[Script Loader] EvalError: call to eval() blocked by CSP

I have not done much with Silverstripe in the last couple of years so I am not sure what the solution to this is likely to be.

I think this is version 4.11. If I were to upgrade it to 4.13, is it likely to fix this? Or do I need to upgrade it to 5+?

Any insights would be much appreciated.

Thanks


Without access to the website or the code I am just guessing, but: If you say that the admin panel has become unreachable recently, then I suppose you didn’t change anything on the website but maybe on the server. Maybe you started using CloudFlare or something similar? You seem to have introduced CSP headers which is apparently needed in a Silverstripe 4 admin interface (I just tested it in a SS4-Admin).

An upgrade will not solve your problem; instead you should try to configure the CSP-Headers on your server and make an exception for the /admin/* routes. Maybe you can set a custom subdomain for the admin which is without CSP-Headers? Or you could allow unsafe-eval for script-src.
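
The path-scoped exception suggested in the answer above, as an added example that is not part of the original thread or of Silverstripe's code: it checks whether a Content-Security-Policy value permits eval() and adds 'unsafe-eval' to script-src only for responses under /admin, so the public site keeps the stricter policy. The function names and the sample policy are assumptions constructed for illustration.

```javascript
// Constructed sample policy (not taken from the site in the thread).
const SAMPLE_POLICY = "default-src 'self'; img-src 'self' data:";

// One serialized policy -> Map of directive name -> source list.
// A repeated directive is ignored, as browsers do.
function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// eval() is governed by script-src, which falls back to default-src.
// A policy with neither directive does not restrict eval().
function policyAllowsEval(policy) {
  const sources = policy.get('script-src') ?? policy.get('default-src');
  return sources === undefined ||
    sources.some((s) => s.toLowerCase() === "'unsafe-eval'");
}

// A header value can carry several comma-separated policies (for example one
// from the application and one added by a proxy). The browser enforces all of
// them, so eval() works only if every policy allows it.
function evalAllowed(header) {
  return header.split(',').map(parsePolicy).every(policyAllowsEval);
}

// Return the header to send for `path`: unchanged outside the admin area,
// with 'unsafe-eval' added to script-src for /admin and /admin/*.
// `path` is assumed to be the URL path only, without the query string.
function cspForPath(path, header, adminPrefix = '/admin') {
  const isAdmin = path === adminPrefix || path.startsWith(adminPrefix + '/');
  if (!isAdmin) return header;
  return header.split(',').map((text) => {
    const policy = parsePolicy(text);
    if (policyAllowsEval(policy)) return text.trim();
    // Start from the effective source list so other sources stay as they were.
    const base = policy.get('script-src') ?? policy.get('default-src');
    const kept = base.filter((s) => s.toLowerCase() !== "'none'");
    policy.set('script-src', [...kept, "'unsafe-eval'"]);
    return [...policy].map(([n, v]) => [n, ...v].join(' ')).join('; ');
  }).join(', ');
}
```

Running evalAllowed() on the exact header value the browser receives also shows whether a second policy added in front of the application is the one blocking eval().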