For each user, under ‘User Settings’, I enabled ‘message email notifications’:
But when I attempt email recovery by clicking ‘Forgot Password’, and entering username, the page is not responsive and upon viewing the console log, I find this error:
I’m not sure the CSP directive (content security policy) is something sent by default by dhis2. I would assume your administrator has put one at nginx level or another proxy (like cloudfront).
This policy directive needs to be “adjusted” so the page works.
Or some content has actually been injected, so I guess the best answer is that your admin/security officer reviews the error message and the content violating the policy.
Hi @Stephan_Mestach
Thanks for the quick response.
I found the resource on ‘CSP Header Quick Reference’ really helpful.
I’m running the server myself and will have to implement this myself. From what I found, by default the browser is automatically blocking inline scripts because a Content-Security-Policy header is defined. Also, from the error message I shared above, it looks like the Content Security Policy is defined somewhere in my dhis2 setup but I cannot find it in my apache-dhis2.conf and dhis2.conf files (still searching).
@Gassim Thank you for the suggestions. I tested this in Guest mode but the ‘Recover’ button still does not work. At this point I believe the ‘Recover’ button is not working in my instance (probably blocked by the CSP) and so there are no requests made to the server when I click.
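
The browser rule discussed in this thread (inline scripts are blocked once a Content-Security-Policy header restricts scripts), as an added example that is not part of the original posts or of DHIS2: a small Node.js check that tells whether a given policy value would let a plain inline script run. The function names and the sample header values are constructed for illustration; substitute the value your server actually returns.

```javascript
// Added example (not from the thread): would this CSP value let a plain
// inline <script> (no nonce, no hash) run? Sample values are constructed.

// Parse one serialized policy into Map(directive name -> source list).
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Inline <script> elements are governed by script-src-elem, then script-src,
// then default-src. With none of these set, inline script is unrestricted.
function inlineScriptVerdict(policy) {
  const d = parsePolicy(policy);
  const name = ['script-src-elem', 'script-src', 'default-src'].find(n => d.has(n));
  if (!name) return { allowed: true, directive: null, reason: 'no script directive' };
  const sources = d.get(name).map(s => s.toLowerCase());
  const nonceOrHash = sources.some(s => /^'(nonce-|sha(256|384|512)-)/.test(s));
  if (!sources.includes("'unsafe-inline'")) {
    const reason = nonceOrHash ? 'needs a matching nonce or hash' : "no 'unsafe-inline'";
    return { allowed: false, directive: name, reason };
  }
  // Browsers ignore 'unsafe-inline' when a nonce, hash or 'strict-dynamic' is listed.
  if (nonceOrHash || sources.includes("'strict-dynamic'")) {
    return { allowed: false, directive: name, reason: "'unsafe-inline' is ignored" };
  }
  return { allowed: true, directive: name, reason: "'unsafe-inline' present" };
}

// Several policies can apply at once (comma-separated); every one must allow it.
function inlineScriptAllowed(headerValue) {
  return headerValue.split(',').map(inlineScriptVerdict).every(v => v.allowed);
}

// Constructed sample values, e.g. copied from `curl -sI <url>` output.
for (const value of ["default-src 'self'", "script-src 'self' 'unsafe-inline'"]) {
  console.log(value, '->', inlineScriptVerdict(value));
}
```

The `directive` field in the result names the directive to look for when searching proxy and application configuration for where the header is set.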