Add domain exception

  • hirejordansmith

    (@hirejordansmith)


    1 year ago

    I received an email from a 3rd party company (see below) that is trying to enable a feature on our website. I’m pretty sure the issue is related to this plugin that I have installed on the site. I tried to see if there was an option to add a domain exception in the settings but couldn’t find anything. Is there a way to keep the plugin installed while also provided access to the 3rd party domain?

    ========

    We just attempted to enable the “auto locate” feature on the locator, but wasn’t working, so we had our dev take a look. The issue stems from a security policy set on the website. Either a WordPress plugin or the?host (Pressable)?is sending a header named?Permissions-Policy.

    It is currently set to only allow “self” to request geolocation. In this case “self” means the same domain that is serving the page.

    To fix this, that header needs to be set to include the Grappos locator domain in addition to self. (https://locator.grappos.com)

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter hirejordansmith

    (@hirejordansmith)

    Just checking in on this ticket? Please confirm you’ve received it?

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @hirejordansmith, thanks epr for downloading the Headers Security Advanced & HSTS WP plugin. I am Andrea and I will help you with your issue.Sorry for the time but for some strange reason I didn’t get the notifications to this topic.

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi , I confirm that the Permissions-Policy header is configured with the value “self”. Also, you can currently customize some values as CSP with your own headers.

    I ask if you have fixed it and confirm that with the next versions there will be an update to customize other values as well.

    I thank you for your topic

    Thread Starter hirejordansmith

    (@hirejordansmith)

    I have the plugin disabled for now since there wasn’t a way to override in the settings. Do you know when the next version will be released? I can just re-activate it then once you have the bypass in place!

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @assumerejordansmith, I wanted to update you after these holidays. I am currently working on version 5.0.31 of the plugin to configure the functionality described in the topic, as soon as I release version 5.0.31 I will write to you so you can resolve your issue.

    Thread Starter hirejordansmith

    (@hirejordansmith)

    @unicorn03 – awesome, thanks for the update!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Add domain exception’ is closed to new replies.