Yoast Images disappear on admin pages afte adding security header img ‘self’

  • Resolved Jack All

    (@jack-all)


    6 years, 3 months ago

    Hi,

    Last week I started tightening security on my site by adding new security headers, and noticed images disappearing on Yoast wp-admin sections.
    For example, the Yoast icon left of the SEO menu item disappeared, but I can’t seem to find an external link reference in the decrypted code of the base64 svg used as icon. As I’m using Kaspersky AV, I suspect a possible relation when loading svg images

    Chrome console reads:
    admin.php?page=wpseo_dashboard:1 Refused to load the image because it violates the following Content Security Policy directive: “img-src ‘self’

    On the side:
    Same problem goes for Google analytics’ cleardot.gif, which is used for tracking page visits. After setting the security header mentioned above, I noticed a severe drop in Google analytics page views, but not in Adsense reports. I think it is being caused by cleardot.gif not being called/loaded externally anymore, because of the same restriction.

    I would appreciate your thoughts on this, thanks very much in advance.

    Kind regards,
    Jack.

    • This topic was modified 6 years, 3 months ago by Jack All.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Md Mazedul Islam Khan

    (@mazedulislamkhan)

    It sounds like an issue with the security header you have added and not an issue specific to Yoast SEO. Chrome seems to refuse the resources to load from both Yoast SEO and Google Analytics. Please, make sure that the security header you have added is correct.

    Thread Starter Jack All

    (@jack-all)

    The security header enforces images to be loaded only from the current domain, so that’s a good thing and not the issue. Problems that arise are:
    1. Kaspersky AV nests between showing svg icons in the browser and checking for vulnerabilities or so, before they show up in wp-admin. This is not allowed by new measures, e.g. security header img src ‘self’.
    2. Google Analatics code calls cleardot.gif from google or doubleclick servers, also against new security rules, causing analytics to drop.

    Just wanted to inform you about this and let you know about the icons not showing up in the menu and wp-admin on Yoast admin pages, because of issue 1. Just in case you might have questions about that in the future. Yoast can avoid that by using *.gif or *.ico images instead of *.svg for showing icons on Yoast Plugin admin pages.

    Thanks for your time!
    Regards,
    Jack.

    • This reply was modified 6 years, 3 months ago by Jack All.
    • This reply was modified 6 years, 3 months ago by Jack All.
    Plugin Support Jerlyn

    (@jerparx)

    Hi @jack-all,

    We do have a repository where you can submit this information so our developers can see. Can you please create a new issue in our Github repository with all these information? We thank you in advance.

    Plugin Support Jerlyn

    (@jerparx)

    Closed. No further questions.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Yoast Images disappear on admin pages afte adding security header img ‘self’’ is closed to new replies.