Re: [users@httpd] How to set “Strict-Transport-Security”?


 



On 9/28/2020 3:52 PM, Jason Long wrote:
Header set Content-Security-Policy "default-src 'self';"

After it, some features of WordPress, like the menu, are disabled!


You posted this same question about a week ago, to which I responded. My response is repeated below with some additional advice.

Use your browser's developer tools (usually F12) to view your console errors and warnings. The console will tell you what content your CSP might be blocking. Until you have your CSP set properly, you can use a report-only CSP header to report what's in violation of your CSP without actually blocking it.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

That's about the best advice you are going to get.  You need to understand the syntax of a Content Security Policy (CSP), what its purpose is and how it can affect content of a web page.
Start with the links above.

The content you no longer see might come from a source not allowed by your CSP. Your browser's dev tools console will confirm if that is true.

Jim








On Sunday, September 27, 2020, 05:29:51 PM GMT+3:30, Jim Albert <jim@xxxxxxxxxxxxx> wrote:





On 9/27/2020 2:50 AM, Jason Long wrote:

Hello,
For a website with the name "my-example.net", what is the correct syntax of:

Header set Content-Security-Policy "default-src 'self';"

?

Thank you.

Which header are you asking about?
Strict-Transport-Security (your email subject) - indicates to the
browser that the site should only be accessed via https. The browser
will make future requests via https.
Content-Security-Policy (your email body) - sets a trust policy for
content on a given site.

Jim
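
An added example (not from the thread or from the Apache httpd project): a simplified JavaScript model of how a browser evaluates the `default-src 'self';` policy discussed above, listing what a Report-Only header would flag. The resource loads, the tuned policy and all function names are constructed for illustration; nonces, hashes, paths and ports are not modelled.

```javascript
// Simplified CSP model: keywords 'self' and 'unsafe-inline', '*', scheme
// sources (https:) and host sources (cdn.example, *.cdn.example) only.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function isAllowed(policy, pageOrigin, load) {
  // Fetch directives (script-src, style-src, font-src, ...) fall back to default-src.
  const sources = policy.get(load.directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // no directive governs this load
  if (load.inline) return sources.includes("'unsafe-inline'");
  const url = new URL(load.url, pageOrigin);
  return sources.some((src) => {
    if (src === '*') return true;
    if (src === "'self'") return url.origin === pageOrigin;
    if (src.endsWith(':')) return url.protocol === src.toLowerCase();
    const host = src.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '').toLowerCase();
    return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
  });
}

// Returns the loads the policy would block, i.e. what a
// Content-Security-Policy-Report-Only header would report without blocking.
function violations(header, pageOrigin, loads) {
  const policy = parsePolicy(header);
  return loads.filter((l) => !isAllowed(policy, pageOrigin, l))
    .map((l) => `${l.directive}: ${l.inline ? 'inline' : l.url}`);
}

// Constructed sample loads for a themed CMS page (assumptions, not from the thread).
const ORIGIN = 'https://my-example.net';
const LOADS = [
  { directive: 'script-src', url: '/wp-includes/js/jquery/jquery.min.js' },
  { directive: 'script-src', inline: true },
  { directive: 'style-src', inline: true },
  { directive: 'style-src', url: 'https://fonts.googleapis.com/css?family=Lato' },
  { directive: 'font-src', url: 'https://fonts.gstatic.com/s/lato.woff2' },
];
const STRICT = "default-src 'self';"; // the policy from the thread
// Hypothetical tuned policy: external hosts allowed, inline code still flagged.
const TUNED = "default-src 'self'; style-src 'self' https://fonts.googleapis.com; " +
  "font-src 'self' https://fonts.gstatic.com";

console.log(violations(STRICT, ORIGIN, LOADS)); // four entries
console.log(violations(TUNED, ORIGIN, LOADS));  // the two inline entries remain
```

The two entries left under the tuned policy are inline code; allowing them with `'unsafe-inline'` removes most of CSP's protection against injected script, so nonces or hashes are the usual alternative.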




