Content Security Policy has no effect

  • Resolved mbaierl

    (@mbaierl)


    1 year, 4 months ago

    When caching plugins (i.e. WP Rocket, Cloudfare, Nitropack) are being used the settings for Content-Security-Policy or custom HTTP headers have no effect… any chance to fix this by delivering the headers via rulse in the .htaccess?

Viewing 1 replies (of 1 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Only Apache and LiteSpeed use .htaccess, it wouldn’t work with other web servers such as Nginx.
    Isn’t there an option to cache HTTP headers response?
    I downloaded and tested the first caching plugin I found in the repo (https://www.ads-software.com/plugins/wp-super-cache/) and it had a “Cache HTTP headers with page content”, which I enabled. I also created a custom HTTP header with NinjaFirewall: foo: bar

    Here’re the results.
    First, page is not cached yet:

    $ curl -I https://localhost/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 03 Nov 2023 09:10:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding, Cookie
foo: bar
X-WP-Cache: MISS

    Then the same page, but cached this time:

    $ curl -I https://localhost/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 03 Nov 2023 09:10:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding, Cookie
foo: bar
X-WP-Cache: HIT

    My foo: bar header is always returned.

Viewing 1 replies (of 1 total)
  • The topic ‘Content Security Policy has no effect’ is closed to new replies.