Archive for January, 2023

KitCAD i3 rX with CSP enabled

Friday, January 13th, 2023

To enable CSP (Content Security Policy) on KitCAD i3 rX at use the following CSP header example:

<meta http-equiv="Content-Security-Policy" content="base-uri 'none';default-src 'unsafe-inline' 'unsafe-eval' data: blob:; script-src-attr 'unsafe-inline'; script-src-elem 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' 'nonce-/IbgrYHFm30YHjFtkVNs2/AyJDI=' 'nonce-irksmjoZ4KFIzWLf5L5JqKkABN8=' 'nonce-ByyasUTa1oxWKG2tlzUy1zrnZFQ=' 'nonce-Biphe98QuUWVmOoH80ICDM0iozU=' 'strict-dynamic'; style-src 'unsafe-inline'">

The above CSP header example is in a meta-tag HTML format, it may be instead inserted in the web server document header by advanced end users (recomended).

View the page source of for scripting/html changes.

The page above is generated using a PHP file: Download and extract to the i3 folder. The rX2022csp.php file will need some manual editing to change domain name of in the CSP header line.

The following code example can be inserted into the .htaccess file for allowing rX2022csp URL to function without the .php file extension.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} /rX2022csp$
RewriteRule ^/?.*$ /library/i3/rX2022csp.php [L]

KitCAD i3 rX 2022 Console Bugs

Friday, January 13th, 2023

The above image shows errors that could be seen in chrome console (previous 2022 Chrome version). KitCAD i3 KGC rX does not execute the document.write() function.

As a work-around, use the page of

Scripting changes in the file of r2022.js are an over-ride of existing code within the _r5se.js file.