Hi Alan,
I've just run a couple tests, and I'm able to create new users in my 2.6 test environment. So far, I don't think this is a bug in the application, so let's see if we can work out what's going on locally for you. From the list of installation dependencies, it looks like only Apache is different, and based on some initial online searching of these errors, I'm starting to wonder if that's where the issue might be found.
All of the error messages you've shared reference the Content Security Policy. This is getting out of my area of knowledge, but CSPs are implemented in most modern browsers as a way of adding additional security, to prevent things like cross-site scripting attacks. As Wikipedia notes, "CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features."
Essentially, when the web pages delivered include meta or HTP header elements with CSP directives, CSP-supporting browsers will enforce those guidelines.
AtoM by default does not include any code that would add these. You can see that we call the inclusion of metas on our 1-column layout page (as in the User edit page)
here. AtoM's defaults are set here:
We're not invoking any CSP-related restrictions or parameters here. However, these can be set other places, such as the web server. I would suggest that you look into your Apache configuration. Some general links that may help learn more about this:
Meanwhile... In case you investigate and that's not the issue, I'll explore a couple other things you can check below. Does your AtoM site have a custom theme in place? If so, you might want to check some of the theme files, as it could be possible that different headers or meta elements are declared in your theme, if not on the webserver.
Other ideas:
First, when you upgraded from your 2.4 installation, did you remember to drop and recreate the MySQL database, and then run the upgrade task after loading your 2.4 data? See:
Additionally, if you do have a custom theme, make sure you review and apply the suggestions found lower down on this page:
Part of those instructions involve recompiling the CSS - and even if you've already implemented those, I think this is a step worth trying again if the user page is not rendering properly. If you've installed AtoM from the tarball on our website, then you may not have the dependencies to run the make command installed (the CSS is precompiled in the tarball, while if you install from our code repository, we include a step to compile it during installation). As such, I'll borrow the following lines from the
Option 2 (Install from our code repository) installation instructions:
- curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
- sudo apt install nodejs npm make
- sudo npm install -g "less@<2.0.0"
- sudo make -C /usr/share/nginx/atom/plugins/arDominionPlugin
The first 3 steps install the required dependencies, and then the last step will recompile the CSS for the base Dominion theme. If you are using Apache, you may need to modify the first part of the path in the last command - I'm guessing it's something like /var/www/atom instead, but you'll know better. Also, don't miss that last dash in the first command!
One thing to note - AtoM still requires a much older version of less (which requires an older version of nodeJS to install), so you may see deprecation notices - we're aware of this and have an issue to track it (#
13390), but in the meantime it should work to proceed.
If you have a custom theme plugin, make sure you repeat the last command, but with the name of your custom theme plugin. For example, if your theme plugin is called arMyCustomThemePlugin, then the command would be something like:
- sudo make -C /var/www/atom/plugins/arMyCustomThemePlugin
I'd suggest clearing the application cache, and restarting PHP-FPM (as well as memcached if you're using it) as well:
- php symfony cc
- sudo systemctl restart php7.2-fpm
- sudo systemctl restart memcached
Don't forget to clear your browser cache as well, and/or test in a private/incognito browser, so you are seeing the updates and not a cached version of the broken page.
Hopefully some of this will point you in the right direction! Please let us know how it goes.
Regards,