Content Security Policy (CSP) on WordPress

  • I am running Ubuntu 22.04 with Nginx 1.18 with WordPress version 6.4.3

    If I go to Appearance–> Editor–> Templates –> Manage all templates –> Pages I get a page like this:

    Some googling took me to this site here.

    Upon checking my nginx config I found this line here:

    add_header Content-Security-Policy “default-src https: data: ‘unsafe-inline’ ‘unsafe-eval'”;

    Commenting this line out solved my problem but now I do not have a Content Security Policy on my website.

    Does anyone know how I can modify my nginx config so I can have a Content Security Policy that allows me to edit my website with WordPress?

Viewing 1 replies (of 1 total)

  • Does anyone know how I can modify my nginx config so I can have a Content Security Policy that allows me to edit my website with WordPress?

    You don’t have just WordPress… you have WordPress plus a theme and a myriad of plugins. So the policy that works on one WordPress site may not work on yours at all.

    Check your browser’s developer console to see exactly what policy is being violated and is causing the blocking…. then you’ll know what to tweak in your Nginx config.

Viewing 1 replies (of 1 total)
  • The topic ‘Content Security Policy (CSP) on WordPress’ is closed to new replies.