Javascript in the admin area breaks using plugin?

  • I cant figure this out, thanks to this plugin i can get passing grades on security, but something breaks javascript (can tell because there is java in the admin areas that no longer works).

    If i disable the plugin it works again.

    I’ve tried going through and manually turning off things but that doesnt seem to help?

    Anyone have any thoughts?

Viewing 1 replies (of 1 total)

  • Likely your Content Security Policy (CSP) blocks inline scripts (doesn’t allow unsafe-inline). Allowing unsafe-inline endangers security, though.

    It’s possible to securely allow inline content through SRI hash or nonce (not the one WordPress-native), but there is no any acceptable way to implement them without manual changes to the Core and plugins on every update.

    The only way is to change the CSP policy to less secure allowing unsafe-inline script and style sources.

    See CSP Sources for hash and nonce and SRI.

    P. S. Use Web Developer’s Console (Ctrl+Shift+K or Cmd+Shift+K) to check what scripts have been blocked and which directive is responsible for that.

    • This reply was modified 3 years, 9 months ago by maxoud.
    • This reply was modified 3 years, 9 months ago by maxoud.
Viewing 1 replies (of 1 total)
  • The topic ‘Javascript in the admin area breaks using plugin?’ is closed to new replies.