Unable to use PWS_Dashboard "Inline code is considered harmful" **Solved**

New install - heathweather.com Home Weather Station (wd version) passed ok with no fatal errors:

This small program is used to check your web server settings if they prohibit installing the PWS_Dashboard.

You only need to re-run this program if you encounter unknown errors.

check 1 : $_SERVER["DOCUMENT_ROOT"]: result = OK, server = www.heathweather.com

check 2.1 : Your current PHP version is : 7.1.16

check 2.2 : CURL support: result = OK

check 2.3 : simplexml support: result = OK

check 2.4 : GD support: result = OK: bundled (2.1.0 compatible)

check 3.1 : file_exists: result = OK

check 3.2 : chdir: result = OK

check 3.3 : file_put_contents: result = OK

check 3.4 : chmod: result = OK

check 3.5 : unlink: result = OK

check 4 : json support: result = OK

check 5 : load file from test site : result = OK

No fatal errors,

To continue with installing the PWS_Dashboard, click here to start easyweathersetup

If you have questions post those questions at this "PWS_Dashboard part of the WW-forum


When I select the link for easyweatherstartup, it takes me to Easyweather setup

On that page, I enter the password, then I get the menu at the top with “START” “LOCATION” “DATA” “UNITS” “DEVICES” “TILES” “API&KEYS” “OTHER” “SAVE YOUR SETTINGS”

and that’s it - there’s nothing else on the page.

Any ideas ?

Sadly, this is the largest “mess” I have seen since I started in 2011 #-o

Some “extra” security rules are applied, which make running the dashboard or other normal scripts impossible.

Things like inline css or javascript to use tabs a.s.o. are blocked.

Content Security Policy blocks inline execution of scripts and stylesheets

The Content Security Policy (CSP) prevents cross-site scripting attacks by blocking inline execution of scripts and style sheets. To solve this, move all inline scripts (e.g. onclick=[JS code]) and styles into external files.

⚠️ Allowing inline execution comes at the risk of script injection via injection of HTML script elements. If you absolutely must, you can allow inline script and styles by:
- adding unsafe-inline as a source to the CSP header
- adding the hash or nonce of the inline script to your CSP header.

Content Security Policy  |  Articles  |  web.dev

Those rules forbid: formatting using “inline” css like style="margin: 0 auto;"
or even an empty style, style=""

===
Another problem on your site:

Files can not be opened or written, for example: “Unable to open ./_my_settings/settings.php file check file permissions !”

===

I moved this post to a separate topic so that other apache / Google specialists can try to help.

Nothing I can do, you should ask your provider to set the restrictions on your site to a normal level.

Wim

P.S. your main page https://www.heathweather.com/ is also affected, 7 elements are blocked there


Directive        Source Location             Status
script-src-elem  www.heathweather.com/:11    blocked
style-src-attr   www.heathweather.com/:35    blocked
script-src-elem  www.heathweather.com/:39    blocked
script-src-elem  www.heathweather.com/:63    blocked
style-src-attr   www.heathweather.com/:117   blocked
style-src-attr   www.heathweather.com/:119   blocked
script-src-elem  www.heathweather.com/:158   blocked

A screenshot of the error, as the text of the errors can not be posted on the forum.
The error texts themselves seem to be harmful to the forum code.


errors.txt (6.26 KB)
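An added example, not part of the original posts or of the PWS_Dashboard code: a small scanner that lists the inline scripts, inline styles and event handlers a CSP without unsafe-inline blocks, labelled with the same directive names as the table above, and computes the sha256 source for each inline element so it can be allowed by hash. The names `InlineAudit`, `audit` and `SAMPLE` are hypothetical and the sample page is constructed.

```python
import base64
import hashlib
from html.parser import HTMLParser

class InlineAudit(HTMLParser):
    """Collect inline scripts and styles that a CSP without 'unsafe-inline' blocks."""
    def __init__(self):
        super().__init__()
        self.findings = []                # (directive, line, detail)
        self._open, self._text = None, []  # inline <script>/<style> being read

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        names = dict(attrs)
        for name in names:
            if name == "style":           # flagged even when empty, as the post reports
                self.findings.append(("style-src-attr", line, "style attribute"))
            elif name.startswith("on"):   # onclick, onload, ...
                self.findings.append(("script-src-attr", line, name + " handler"))
        if (tag == "script" and "src" not in names) or tag == "style":
            self._open, self._text = (tag, line), []

    def handle_data(self, data):
        if self._open:
            self._text.append(data)

    def handle_endtag(self, tag):
        if self._open and tag == self._open[0]:
            body = "".join(self._text)
            if body.strip():              # an empty element has nothing to run
                digest = hashlib.sha256(body.encode("utf-8")).digest()
                source = "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"
                self.findings.append((tag + "-src-elem", self._open[1], source))
            self._open = None

def audit(html):
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from the site discussed in the thread.
SAMPLE = """<html><head><script src="/js/app.js"></script>
<script>var tab = 1;</script></head>
<body><div style="margin: 0 auto;" onclick="show(1)">tab</div></body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The quoted hash values go into script-src or style-src for the element findings; the attribute findings have to be moved into external files.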

Thank you Wim! I found the culprit - an .htaccess file in the root directory for the site, containing only:

Header set Content-Security-Policy "default-src 'self'"

I removed that and things started working, kind of.

I deleted everything, did a fresh unzip, and it complains that the directory jsondata is not writable, so I did a chmod 777 on that, which got me past that.

On the first page, I can now enter information. But when I select “save your settings” I get:

Unable to open ./_my_settings/settings.php file check file permissions !

I had to set permissions at 777 on the my settings directory for that to work - is this the expected behavior ?

You have to set the contents of the folder, not only the folder itself.
Depends on which utility you use, see attached screenshot.

Wim


Things are going in the right direction - thank you Wim !!

One other question - is there a way to use the weather forecast from the National Weather Service, or use the forecast that weather-display is using (which is the NWS forecast) ?

great work figuring this out guys!

For the current 2021lts release there is no NWS forecast integrated.
There will be one, as I developed, already years ago, scripts for both the “map-click” and the SOAP version. Check Leuven v4.13 forecast scripts 2024-06-22 PHP 8.2 - HighCharts 11.3.0
But the reliability of the servers was a problem in the past. It seems to be solved now so it will become available.

Wim

A post was split to a new topic: Unable to open .settings.php file check file permissions!