content security policy is blocking java script

  • wgsieber

    (@wgsieber)


    7 years ago

    I am trying to make a WordPress site more secure by adding a CSP. I added this line: Header add Content-Security-Policy “default-src ‘self'” to my .htaccess file. This works for passing the Mozilla observatory, but it blocks java script in a few places. Some things are minor, like the hover features on the dashboard menu. Some are much more important, like my custom login and features in my theme and plugins. The plugin most affected is WP Bakery Page Builder. Could someone help me understand how to create CSP that allows java to run correctly?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    You’re probably doing the right thing, but you just need to consult with the plugin developers of WP Bakery Page Builder to resolve this.

    Thread Starter wgsieber

    (@wgsieber)

    thank you for your response. I believe you may be right in addressing the plugins, however there are issues with core features in WordPress. One example is that the ability to see the sub-menu while hovering over the left menu sections in the dashboard becomes disabled. I hope I’m explaining it well.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘content security policy is blocking java script’ is closed to new replies.