CSP Isse | Forminator

  • Resolved shimsho

    (@shimsho)


    8 months, 2 weeks ago

    Hey guys,

    I have a problem with my Forminator plugin. I want to increase the security of my website. Here https://securityheaders.com/ I get:

    This policy contains ‘unsafe-inline’ which is dangerous in the script-src directive. This policy contains ‘unsafe-eval’ which is dangerous in the script-src

    Header always set Content-Security-Policy "upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com www.google.com www.gstatic.com www.fonts.gstatic.com www.api.openai.com code.jquery.com www.google.com/recaptcha/ www.static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 www.cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js cdnjs.cloudflare.com www.cdnjs.cloudflare.com cdn-cookieyes.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com *.googleusercontent.com blob:; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.google.com https://www.google.com/maps/ www.metercustom.net/test/;"

    Everything works fine after getting rid of unsafe-eval, except for the Contact Form from Forminator.

    So can someone help?

    Header always set Content-Security-Policy "upgrade-insecure-requests; script-src 'self' static.cloudflareinsights.com www.google.com www.gstatic.com www.fonts.gstatic.com www.api.openai.com code.jquery.com www.google.com/recaptcha/ cdnjs.cloudflare.com cdn-cookieyes.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com *.googleusercontent.com blob:; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.google.com https://www.google.com/maps/ www.metercustom.net/test/;"

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Nebu John – WPMU DEV Support

    (@wpmudevsupport14)

    Hi @shimsho,

    I hope you are keeping well and thank you for reaching out to us.

    I checked the mentioned issue on a test website but couldn’t replicate it on my end with a Forminator form. Since the page URL with the form was not provided, I wasn’t able to investigate further. Could you please share the URL where you noticed the issue so that we can take a closer look?

    Please also share an export of the form using Google Drive or DropBox for us to able to check things further. I hope the following guide comes in handy: https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#import-export

    We look forward to hearing back from you.

    Kind Regards,
    Nebu John

    Plugin Support Nithin – WPMU DEV Support

    (@wpmudevsupport11)

    Hi @shimsho,

    Since we haven’t heard from you for a while. I’ll mark this thread as resolved for now. Please feel free to re-open this thread if you need any further assistance.

    Kind Regards
    Nithin

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘CSP Isse | Forminator’ is closed to new replies.

Tags