plugins - Headers Content-Security-Policy CSP Major Issue

admin管理员组

文章数量:1122846

Im trying to add CSP : Header add Content-Security-Policy "script-src 'self';" - to my htaccess, seems like this line keeps breaking my site, The blocks gets broken, Unable to edit with elementor etc… I’ve tried every option of script-src and seems like nothing works here. Anyone had this situtation before?

Im trying to add CSP : Header add Content-Security-Policy "script-src 'self';" - to my htaccess, seems like this line keeps breaking my site, The blocks gets broken, Unable to edit with elementor etc… I’ve tried every option of script-src and seems like nothing works here. Anyone had this situtation before?

• plugins
• htaccess
• security
• headers
• custom-header

Share Improve this question asked Dec 22, 2021 at 15:29 EmotionalEmotional 2122 bronze badges 2

• 1 Some content security headers are fundamentally incompatible with certain applications. If you want to get Elementor working you will need to speak with Elementor support, however it's extremely unlikely this can be resolved while keeping that header. You will need to remove the CSP. Known conflicts include parts of the media library and Yoast SEO, anything that uses underscores templates, etc – Tom J Nowell ♦ Commented Dec 22, 2021 at 16:27
• I'm in the same boat. Seems the correct CSP header would be to allow any https: resources (Header append Content-Security-Policy "default-src 'self'; script-src https:;") and that should fix the problem. However, I tried that and it broke the Elementor and ?? maybe more plugins. I'm also not sure if it can be configured for WP. – I'm Root James Commented Apr 30, 2022 at 22:51

Add a comment  | 

1 Answer 1

Sorted by: Reset to default -1

For now yor must add 'unsafe-inline' in the script-src directive. Then elementor will work.

本文标签： pluginsHeaders ContentSecurityPolicy CSP Major Issue