On 9/28/2020 3:52 PM, Jason Long wrote:
Header set Content-Security-Policy "default-src 'self';"
After it, some features of WordPress like menu disabled!
You posted this same question about a week ago for which I responded. My
response is repeated below with some additional advice.
Use your browser's developer tools (usually F12) to view your console
errors and warnings. The console will tell you what content your CSP
might be blocking.
Until you have your CSP set properly you can use a report only CSP
header to report what's in violation of your CSP without actually
blocking it.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
That's about the best advice you are going to get. You need to
understand the syntax of a Content Security Policy (CSP), what its
purpose is and how it can affect content of a web page.
Start with the links above.
The content you no longer see might come from a source not allowed by
your CSP. Your browser's dev tools console will confirm if that is true.
Jim
On Sunday, September 27, 2020, 05:29:51 PM GMT+3:30, Jim Albert
<j...@netrition.com> wrote:
On 9/27/2020 2:50 AM, Jason Long wrote:
Hello,
For a website with the name "my-example.net", what is the correct syntax of:
Header set Content-Security-Policy "default-src 'self';"
?
Thank you.
Which header are you asking about?
Strict-Transport-Security (your email subject) - indicates to the
browser that the site should only be accessed via https. The browser
will make make future requests via https.
Content-Security-Policy (your email body) - sets a trust policy for
content on a given site.
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org