KitCAD i3 rX with CSP enabled

To enable CSP (Content Security Policy) on KitCAD i3 rX at use the following CSP header example:

<meta http-equiv="Content-Security-Policy" content="base-uri 'none';default-src 'unsafe-inline' 'unsafe-eval' data: blob:; script-src-attr 'unsafe-inline'; script-src-elem 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' 'nonce-/IbgrYHFm30YHjFtkVNs2/AyJDI=' 'nonce-irksmjoZ4KFIzWLf5L5JqKkABN8=' 'nonce-ByyasUTa1oxWKG2tlzUy1zrnZFQ=' 'nonce-Biphe98QuUWVmOoH80ICDM0iozU=' 'strict-dynamic'; style-src 'unsafe-inline'">

The above CSP header example is in meta-tag HTML format. Advanced end users may instead send it as a response header from the web server (recommended).
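An added example (not part of the original post or the KitCAD code): a small Python audit of the policy above that resolves which directive governs inline script elements, event-handler attributes and styles under the CSP Level 3 fallback rules, and whether all inline content is allowed there. The function names are hypothetical, and the result applies to browsers that implement script-src-elem and script-src-attr.

```python
# Added example, not the site's code; helper names are hypothetical. Fallback chains per CSP Level 3.
FALLBACK = {
    "script-src-elem": ["script-src-elem", "script-src", "default-src"],
    "script-src-attr": ["script-src-attr", "script-src", "default-src"],
    "script-src": ["script-src", "default-src"],
    "style-src": ["style-src", "default-src"],
}

# Content attribute copied from the page's meta tag.
PAGE_POLICY = (
    "base-uri 'none';default-src 'unsafe-inline' 'unsafe-eval' data: blob:; "
    "script-src-attr 'unsafe-inline'; script-src-elem 'unsafe-inline' 'unsafe-eval'; "
    "script-src 'unsafe-inline' 'unsafe-eval' 'nonce-/IbgrYHFm30YHjFtkVNs2/AyJDI=' "
    "'nonce-irksmjoZ4KFIzWLf5L5JqKkABN8=' 'nonce-ByyasUTa1oxWKG2tlzUy1zrnZFQ=' "
    "'nonce-Biphe98QuUWVmOoH80ICDM0iozU=' 'strict-dynamic'; style-src 'unsafe-inline'"
)

def parse_csp(policy):
    """Split a serialized policy into {directive: [source, ...]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first one wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def effective(directives, name):
    """Return (governing directive, sources), or (None, None) if unrestricted."""
    for candidate in FALLBACK[name]:
        if candidate in directives:
            return candidate, directives[candidate]
    return None, None

def allows_all_inline(sources, is_script):
    """A nonce or hash (or 'strict-dynamic' for scripts) switches 'unsafe-inline' off."""
    low = [s.lower() for s in sources]
    if any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in low):
        return False
    if is_script and "'strict-dynamic'" in low:
        return False
    return "'unsafe-inline'" in low

def audit(policy):
    report, directives = {}, parse_csp(policy)
    for name in ("script-src-elem", "script-src-attr", "style-src"):
        governing, sources = effective(directives, name)
        inline = sources is None or allows_all_inline(sources, name.startswith("script"))
        report[name] = {"governed_by": governing, "all_inline_allowed": inline}
    return report
```

For the page's policy, audit(PAGE_POLICY) reports that script elements are governed by script-src-elem with all inline scripts allowed; the nonce-bearing script-src list is only consulted for script elements when script-src-elem is absent.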

View the page source of for scripting/html changes.

The page above is generated using a PHP file: Download and extract to the i3 folder. The rX2022csp.php file will need some manual editing to change domain name of in the CSP header line.

The following code example can be inserted into the .htaccess file so that the rX2022csp URL works without the .php file extension.

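<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Match requests whose path ends in /rX2022csp (no file extension)
RewriteCond %{REQUEST_URI} /rX2022csp$
# Serve them from the PHP file; [L] stops further rule processing
RewriteRule ^/?.*$ /library/i3/rX2022csp.php [L]
</IfModule>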

3 Responses to “KitCAD i3 rX with CSP enabled”

  1. Admin Says:

    Added more files to archive that would require a script element attribute of nonce.

  2. Admin Says:

    Google Chrome page load issue, this locks the browser into a state which runs over and over…

  3. Admin Says:

    To fix the page load issue – Renamed rX2022csp.php to rX2022cspnew.php; Replaced rX2022csp.php with the original rX page content.
