After installing Admin Dashboard stuck at loader - magento2

This is my first time installing Magento (testing on localhost, XAMPP, Windows 10). After installation and admin login, the dashboard page is stuck at the loader and I am not able to click anything on that page.
Upon checking the console, many errors are shown. Kindly let me know how to get rid of these.
This is how the dashboard looks after admin login:
And here are the console log errors:
(index):1 [Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Work+Sans:400,700.less' because it violates the following Content Security Policy directive: "style-src getfirebug.com 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
6[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' 'unsafe-inline'".
require.js:1 Failed to load resource: the server responded with a status of 404 (Not Found)
mixins.js:1 Failed to load resource: the server responded with a status of 404 (Not Found)
6Refused to apply style from '<URL>' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
magento-icon.svg:1 Failed to load resource: the server responded with a status of 404 (Not Found)
mixins.js:1 Failed to load resource: the server responded with a status of 404 (Not Found)
requirejs-config.js:18 Uncaught TypeError: require.config is not a function
at requirejs-config.js:18
at requirejs-config.js:19
at requirejs-config.js:643
(index):45 Uncaught TypeError: require.config is not a function
at (index):45
(index):94 Uncaught TypeError: require is not a function
at (index):94
(index):145 Uncaught TypeError: require.config is not a function
at (index):145
(index):377 Uncaught TypeError: require is not a function
at (index):377
launch-EN30eb7ffa064444f1b8b0368ef38fd3a9.min.js:2 [Report Only] Refused to connect to 'http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=8F99160E571FC0427F000101%40AdobeOrg&d_nsid=0&d_mid=29743719464296385161644608670132256639&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&ts=1593811159571' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'".
fireCORS # launch-EN30eb7ffa064444f1b8b0368ef38fd3a9.min.js:2
(index):489 Uncaught ReferenceError: define is not defined
at (index):489
(index):1 [Report Only] Refused to connect to 'https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=8F99160E571FC0427F000101%40AdobeOrg&d_nsid=0&d_mid=29743719464296385161644608670132256639&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&ts=1593811159571' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'".
(index):553 Uncaught TypeError: require is not a function
at (index):553
(index):608 Uncaught TypeError: require is not a function
at (index):608
(index):666 Uncaught TypeError: require is not a function
at (index):666
(index):689 Uncaught TypeError: require is not a function
at (index):689
(index):712 Uncaught TypeError: require is not a function
at (index):712
launch-EN30eb7ffa064444f1b8b0368ef38fd3a9.min.js:2 [Report Only] Refused to connect to 'http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=8F99160E571FC0427F000101%40AdobeOrg&d_nsid=0&d_mid=29743719464296385161644608670132256639&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&ts=1593811160166' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'".
fireCORS # launch-EN30eb7ffa064444f1b8b0368ef38fd3a9.min.js:2
(index):1 [Report Only] Refused to connect to 'https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=8F99160E571FC0427F000101%40AdobeOrg&d_nsid=0&d_mid=29743719464296385161644608670132256639&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&ts=1593811160166' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'".
(index):1 A cookie associated with a cross-site resource at http://demdex.net/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
opensans-400.woff2:1 Failed to load resource: the server responded with a status of 404 (Not Found)
admin-icons.woff2:1 Failed to load resource: the server responded with a status of 404 (Not Found)
opensans-600.woff2:1 Failed to load resource: the server responded with a status of 404 (Not Found)
(index):1 [Report Only] Refused to load the image 'http://cm.everesttech.net/cm/dd?d_uuid=30164682664402128881605921059494271379' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'".
(index):1 [Report Only] Refused to load the image 'http://amcglobal.sc.omtrdc.net/b/ss/amc.global.prod,amc.mag.admin.prod/1/JS-2.15.0-LAR3/s53861047311763?AQB=1&ndh=1&pf=1&t=4%2F6%2F2020%201%3A19%3A20%206%20-240&mid=29743719464296385161644608670132256639&aamlh=6&ce=UTF-8&cdp=1&fpCookieDomainPeriods=1&g=http%3A%2F%2Flocalhost%2Fmagento%2Fshahzad%2Fadmin%2Fdashboard%2Findex%2Fkey%2Ff57af2165e459d9ee9c7af2716318b5901264fcfdfb186f035af1f4bca44a3bc%2F&r=http%3A%2F%2Flocalhost%2Fmagento%2Fshahzad%2Fadmin%2Findex%2Findex%2Fkey%2Fc0e9189525693d1b02511bd0ed89c5a42d...shboard&hierarchy=dashboard&solution.&name=magento&version=2.3.5-p1&mode=default&edition=Community%20Edition&.solution&env=production&.page&user.&id=997b2e516d3a99e309b33783f07e5efd93c569dbb7b35711fb741f9e6eb0b039bee2e059d2a5f90da63e2a931512ed4aa721e3f8b7627f42f6af8eed67d2ee95&language=en&accountType=admin&authSystem=magento&corpId=unknown&.user&.c&cc=USD&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&s=1366x768&c=24&j=1.6&v=N&k=Y&bw=1366&bh=608&mcorgid=8F99160E571FC0427F000101%40AdobeOrg&AQE=1' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'".
assets.adobedtm.com/:1 [Report Only] Refused to frame 'http://fast.amc.demdex.net/' because it violates the following Content Security Policy directive: "frame-src 'self' geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com".
assets.adobedtm.com/:1 [Report Only] Refused to frame 'https://fast.amc.demdex.net/' because it violates the following Content Security Policy directive: "frame-src 'self' geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com".
opensans-700.woff2:1 Failed to load resource: the server responded with a status of 404 (Not Found)
opensans-600.woff:1 Failed to load resource: the server responded with a status of 404 (Not Found)
opensans-400.woff:1 Failed to load resource: the server responded with a status of 404 (Not Found)
admin-icons.woff:1 Failed to load resource: the server responded with a status of 404 (Not Found)
(index):1 [Report Only] Refused to load the image 'https://cm.everesttech.net/cm/dd?d_uuid=30164682664402128881605921059494271379' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'".
opensans-700.woff:1 Failed to load resource: the server responded with a status of 404 (Not Found)
(index):1 [Report Only] Refused to load the image 'https://dpm.demdex.net/ibs:dpid=411&dpuuid=XoT-7wAAAxKII6x_&d_uuid=30164682664402128881605921059494271379' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'".
2(index):1 [Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Work+Sans:400,700.less' because it violates the following Content Security Policy directive: "style-src getfirebug.com 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
DevTools failed to load SourceMap: Could not load content for chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/sourceMap/chrome/iframe_handler.map: HTTP error: status code 404, net::ERR_UNKNOWN_URL_SCHEME
DevTools failed to load SourceMap: Could not load content for chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/sourceMap/chrome/content.map: HTTP error: status code 404, net::ERR_UNKNOWN_URL_SCHEME

Please try running
php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento c:f
php bin/magento setup:static-content:deploy -f
Did you update the magento mode?
php bin/magento deploy:mode:set developer
This sets Magento to development mode, so you don't have to run the last command from above every time you change static files (JavaScript, HTML, images, etc.).

Thank you for your replies and answers. Someone suggested the following solution to me and it works for me, so I decided to share it with you as well.
Go to app/etc/di.xml
Find the line
Magento\Framework\App\View\Asset\MaterializationStrategy\Symlink
and replace it with
Magento\Framework\App\View\Asset\MaterializationStrategy\Copy
Then
Upgrade
Deploy
Reindex
Clean cache

Related

H2O Flow Content Security Policy

I am implementing a feature using H2O Flow open source code. I am running into errors when calling an internal API
Refused to connect to "https://...." because it violates the following Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-inline'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Why are the subroutes from my connect-src CSP rule still being blocked?

I have the following CSP rule on my server:
connect-src 'self' https://exampleurl.test.pro/
But when a subroute of this url is being called it gets blocked by the CSP rule.
https://exampleurl.test.pro/ppms.php?action_name=example&rec=1&r=018609&h=9&m=21&s=34&url=https%3A%2F%2Fexample.azurewebsites.net%2F&urlref=https%3A%2F%2Flogin.example.com%2F&_id=45a27339c6f79315&_idts=1652252243&_idvc=1&_idn=0&_viewts=1652252243&send_image=1&ts_n=jstc_tm&ts_v=2.6.10&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=2560x1440&gt_ms=747&pv_id=U3B9Xe
I get the following error:
ppms.js:12 Refused to connect to
'https://exampleurl.test.pro/ppms.php?action_name=example&rec=1&r=018609&h=9&m=21&s=34&url=https%3A%2F%2Fexample.azurewebsites.net%2F&urlref=https%3A%2F%2Flogin.example.com%2F&_id=45a27339c6f79315&_idts=1652252243&_idvc=1&_idn=0&_viewts=1652252243&send_image=1&ts_n=jstc_tm&ts_v=2.6.10&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=2560x1440&gt_ms=747&pv_id=U3B9Xe'
because it violates the following Content Security Policy directive:
"connect-src 'self' https://exampleurl.test.pro/".

After install of magento 2.3.5-p1 the admin page is just showing loading cursor

I'm unable to understand the error. Please help if anyone has faced the same issue and got rid of it.
The Content Security Policy 'font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';' was delivered in report-only mode, but does not specify a 'report-uri'; 
the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header.
4(index):1 [Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Work+Sans:400,700.less' because it violates the following Content Security Policy directive: "style-src getfirebug.com 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
(index):24 GET http://localhost/demo/pub/static/version1588683649/adminhtml/Magento/backend/en_US/mage/requirejs/mixins.js net::ERR_ABORTED 404 (Not Found)
(index):23 GET http://localhost/demo/pub/static/version1588683649/adminhtml/Magento/backend/en_US/requirejs/require.js net::ERR_ABORTED 404 (Not Found)
(index):34 GET http://localhost/demo/pub/static/version1588683649/adminhtml/Magento/backend/en_US/images/magento-icon.svg 404 (Not Found)
(index):24 GET http://localhost/demo/pub/static/version1588683649/adminhtml/Magento/backend/en_US/mage/requirejs/mixins.js net::ERR_ABORTED 404 (Not Found)
requirejs-config.js:18 Uncaught TypeError: require.config is not a function
at requirejs-config.js:18
at requirejs-config.js:19
at requirejs-config.js:643
(anonymous) # requirejs-config.js:18
(anonymous) # requirejs-config.js:19
(anonymous) # requirejs-config.js:643
60[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' 'unsafe-inline'".
This is because of the new module (Magento_Csp) added in Magento 2.3.5.
As of version 2.3.5, Magento supports CSP headers and provides ways to configure them. (This functionality is defined in the Magento_Csp module.) Magento also provides default configurations at the application level and for individual core modules that require extra configuration. Policies can be configured for adminhtml and storefront areas separately to accommodate different use cases. Magento also permits configuring unique CSPs for specific pages.
CSP can work in two modes:
report-only - In this mode, Magento reports policy violations but does not interfere. This mode is useful for debugging. By default, CSP violations are written to the browser console, but they can be configured to be reported to an endpoint as an HTTP request to collect logs. There are a number of services that will collect, store, and sort your store's CSP violation reports for you.
restrict mode - In this mode, Magento acts on any policy violations, thus blocking any URLs that are added in the whitelist. This reduces cross-site scripting, credit card skimmers, etc.
See more details here
https://devdocs.magento.com/guides/v2.3/extension-dev-guide/security/content-security-policies.html
CSP is not the reason for the problem. By default, CSP works in Report-Only mode. The main reason for the endless loading is:
(index):24 GET http://localhost/demo/pub/static/version1588683649/adminhtml/Magento/backend/en_US/mage/requirejs/mixins.js net::ERR_ABORTED 404 (Not Found)
(index):23 GET http://localhost/demo/pub/static/version1588683649/adminhtml/Magento/backend/en_US/requirejs/require.js net::ERR_ABORTED 404 (Not Found)
(index):34 GET http://localhost/demo/pub/static/version1588683649/adminhtml/Magento/backend/en_US/images/magento-icon.svg 404 (Not Found)
(index):24 GET http://localhost/demo/pub/static/version1588683649/adminhtml/Magento/backend/en_US/mage/requirejs/mixins.js net::ERR_ABORTED 404 (Not Found)
Perhaps you didn't clean the cache. Try to switch to developer mode and clean the cache:
$ ./bin/magento deploy:mode:set developer
$ ./bin/magento cache:clean
$ redis-cli FLUSHALL # if you have redis
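The triage this answer applies to the console output (in both Magento questions) can be automated: `[Report Only]` CSP lines are advisory, while the 404s on `require.js` and the resulting `require is not a function` errors are what stall the page. This is an added example, not code from the posts or from Magento; the function names and result labels are assumptions, and `SAMPLE_LOG` is constructed from the kinds of lines quoted above.

```javascript
// Added example: triage of browser console lines from a Magento admin page.
// SAMPLE_LOG is constructed from the kinds of lines quoted in the questions.
const SAMPLE_LOG = [
  "(index):1 [Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Work+Sans:400,700.less' because it violates the following Content Security Policy directive: \"style-src getfirebug.com 'self' 'unsafe-inline'\".",
  "6[Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive: \"font-src 'self' 'unsafe-inline'\".",
  "(index):23 GET http://localhost/demo/pub/static/version1588683649/adminhtml/Magento/backend/en_US/requirejs/require.js net::ERR_ABORTED 404 (Not Found)",
  "mixins.js:1 Failed to load resource: the server responded with a status of 404 (Not Found)",
  "requirejs-config.js:18 Uncaught TypeError: require.config is not a function",
  "(index):94 Uncaught TypeError: require is not a function",
  "(index):489 Uncaught ReferenceError: define is not defined",
];

// Captures the refused resource and the name of the violated directive.
const CSP_RE = /Refused to .*?'([^']*)' because it violates the following Content Security Policy directive: "([a-z-]+)/;

// Turn one console line into a typed event.
function classify(line) {
  const csp = line.match(CSP_RE);
  if (csp) {
    // Report-only violations are logged but the resource still loads.
    const reportOnly = line.includes("[Report Only]");
    return { kind: reportOnly ? "csp-report-only" : "csp-enforced",
             blocking: !reportOnly, resource: csp[1], detail: csp[2] };
  }
  if (/\b404 \(Not Found\)/.test(line)) {
    // Either "GET <url> ... 404" or "<file>:<line> Failed to load resource".
    const m = line.match(/GET (\S+)/) || line.match(/^(\S+?):\d+ /);
    return { kind: "missing-asset", blocking: true,
             resource: m ? m[1] : "?", detail: "404" };
  }
  const err = line.match(/Uncaught (\w+): (.+)$/);
  if (err) {
    return { kind: "script-error", blocking: true, resource: null, detail: err[2] };
  }
  return { kind: "other", blocking: false, resource: null, detail: line };
}

// Summarise a log and name the most likely cause of a stalled page.
function triage(lines) {
  const events = lines.map(classify);
  const count = (kind) => events.filter((e) => e.kind === kind).length;
  const missing = events
    .filter((e) => e.kind === "missing-asset")
    .map((e) => e.resource);
  // A missing RequireJS loader explains every later require/define error.
  const loaderMissing = missing.some((r) => /(^|\/)require\.js$/.test(r));
  const loaderErrors = events.filter(
    (e) => e.kind === "script-error" && /\b(require|define)\b/.test(e.detail)
  ).length;
  let rootCause = "unknown";
  if (loaderMissing && loaderErrors > 0) rootCause = "static-assets-missing";
  else if (count("csp-enforced") > 0) rootCause = "csp-enforced";
  return { reportOnly: count("csp-report-only"), enforced: count("csp-enforced"),
           missing, loaderErrors, rootCause };
}

console.log(triage(SAMPLE_LOG));
```

A log that contains only enforced CSP refusals (no `[Report Only]` prefix) is reported as `csp-enforced` instead, which is the case where the policy itself needs changing.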
The problem comes from the new Magento_Csp module. One solution that I found is to deactivate this module and move forward in your project.
bin/magento module:disable Magento_Csp

Content Security Policy Error in Chrome Console

I am new to Content Security Policy and am trying to apply a policy like the one in "Google Fonts violates Content Security Policy" to a page referencing a stylesheet from Google: https://fonts.googleapis.com/css?family=Raleway:300,400,700
The issue I am running into is that in Chrome the developer tools console tells me that the style-src rule is not set and it is defaulting to default-src. In IE I am not getting these warnings.
Here is the console Error:
Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Raleway:300,400,700' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
Here is a capture of my header with fiddler:
Content-Security-Policy: default-src 'self' https:;script-src 'self' 'nonce-Ab4J0bSR7xiEFldCemz9' 'unsafe-eval';object-src 'self';style-src 'self' 'unsafe-inline' 'nonce-zGkHV0PmcLCJKhMH6H8V' https:;font-src 'self' https: data:
Is this a browser problem?
Turns out I had an extra declaration in the custom headers that was conflicting.
<httpProtocol>
  <customHeaders>
    <add name="Content-Security-Policy" value="default-src 'self';" />
  </customHeaders>
</httpProtocol>
After removing this and reverting back to a clear tag, the problem went away.
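Browsers enforce every Content-Security-Policy header delivered with a response, so a request has to be allowed by all of them; that is why the extra `default-src 'self';` header blocked a stylesheet the longer policy permits. The following added example (not code from the post) models this with the two header values quoted above; the function names, the `SELF_ORIGIN` value and the simplified source matching (fetch directives only, no ports, paths or nonce handling) are assumptions.

```javascript
// Added example: simplified model of how a browser combines several
// Content-Security-Policy headers. Header values are the two from the post.
const APP_HEADER =
  "default-src 'self' https:;script-src 'self' 'nonce-Ab4J0bSR7xiEFldCemz9' 'unsafe-eval';" +
  "object-src 'self';style-src 'self' 'unsafe-inline' 'nonce-zGkHV0PmcLCJKhMH6H8V' https:;" +
  "font-src 'self' https: data:";
const IIS_HEADER = "default-src 'self';";
const SELF_ORIGIN = "https://app.example"; // hypothetical origin of the page
const FONT_CSS = "https://fonts.googleapis.com/css?family=Raleway:300,400,700";

// Parse one header value into Map(directive -> source list).
// If a directive is repeated, the first occurrence wins.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// Simplified source-expression match for a URL (ports and paths ignored).
function sourceMatches(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (source.startsWith("'")) return false; // keywords and nonces cover inline content
  if (source === "*") return /^(https?|wss?):$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return url.protocol === source.toLowerCase(); // scheme-source such as https:
  }
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i);
  if (!m) return false;
  if (m[1] && url.protocol !== m[1].toLowerCase() + ":") return false;
  const host = m[2].toLowerCase();
  return host.startsWith("*.")
    ? url.hostname.endsWith(host.slice(1))
    : url.hostname === host;
}

// A fetch is allowed only if EVERY delivered policy allows it.
function evaluate(headers, directive, target, selfOrigin) {
  const url = new URL(target);
  const blockedBy = [];
  for (const header of headers) {
    const policy = parsePolicy(header);
    // Fetch directives fall back to default-src when not set explicitly.
    const used = policy.has(directive) ? directive : "default-src";
    const sources = policy.get(used);
    if (sources === undefined) continue; // this policy does not govern the fetch
    if (!sources.some((s) => sourceMatches(s, url, selfOrigin))) {
      blockedBy.push(`${used} ${sources.join(" ")}`);
    }
  }
  return { allowed: blockedBy.length === 0, blockedBy };
}

console.log(evaluate([APP_HEADER], "style-src", FONT_CSS, SELF_ORIGIN));
console.log(evaluate([APP_HEADER, IIS_HEADER], "style-src", FONT_CSS, SELF_ORIGIN));
```

With both headers present the result names `default-src 'self'` as the blocking directive, which matches the fallback note in the console error from the question.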

Still getting Content Security Policy(CSP) Errors after putting csp in my manifest.json..?

I'm trying to create a chrome app which requests access to firebase. I have set my CSP in manifest.json and I'm still getting CSP errors:
"Content_security_policy": "script-src 'self' https://www.gstatic.com/ https://*.firebaseio.com https://www.*.googleapis.com; style-src 'self' https://www.googleapis.com/ https://fonts.googleapis.com/; default-src 'self' https://*.firebaseio.com",
This is the error I keep getting:
firebase.js:375 Refused to load the script
'https://myapp.firebaseio.com/.lp?start=t&ser=30696138&cb=1&v=5'
because it violates the following Content Security Policy directive:
"default-src 'self' blob: filesystem: chrome-extension-resource:".
Note that 'script-src' was not explicitly set, so 'default-src' is
used as a fallback.