Content Security Policy blocked the loading of a resource

  • Resolved Bjarne Oldrup

    (@oldrup)


    1 year, 4 months ago

    Hey!

    WP 6.3 beta 3 tries to load something from a blob. That conflicts with the content security policies in place since WP 5.8.

    Are there new requirements to WP’s access to local resources, that we should take into consideration when securing our websites?

    Content Security Policy: The page's settings blocked the loading of a resource at blob:https://dev.fakeurl.net/5783eb9b-c249-47dd-823f-2767b76475bd ("script-src").
Viewing 2 replies - 1 through 2 (of 2 total)

  • I can’t find the mentioned domain anywhere in WordPress core. With a fresh installation of Beta3 I don’t see the requests you mentioned at all. Have you deactivated all plugins as a test?

    WordPress does not deliver CSP headers by itself. This must happen either through a setting on your hosting or through a plugin you use.

    Thread Starter Bjarne Oldrup

    (@oldrup)

    Correct. One of my own CSP-headers blocked this request. Fixed on my end. Thank you for your help ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Content Security Policy blocked the loading of a resource’ is closed to new replies.