-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSP help #452
Comments
At a glance, I suspect you would need to remove |
i do that and the result is not working the scritps. |
Ah, it's possible that your site or your plugins are incompatible with the most-secure CSP settings, and a higher grade may not be possible. |
How can i know where is the problem in plugins or in the site? |
I don't know, sorry. You would have to trace the HTML served up by Wordpress to either Wordpress itself, or to a specific plugin's insertions into that HTML, and find some other way to make it happen. |
Thank you very much for quick response and for help. |
Hello
I have this header csp in my .htaccess.
Header set Content-Security-Policy "script-src 'unsafe-inline' 'self' http: https://perfecteclass.com.cy; object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self' https://www.perfecteclass.com.cy;"
if i put 'strict-dynamic' in script-src scripts from the my site not loading the same result have the require-trusted-types-for 'script';
So i get B in mozilla observatory.
What can i do so i can put 'strict-dynamic' and require-trusted-types-for 'script' and the scripts of the site loading right
so i can get an A from observatory?
Thank you
The text was updated successfully, but these errors were encountered: