Content Security Policy (CSP) on WordPress | WordPress.org

lo0seun1t
(@lo0seun1t)

4 days, 6 hours ago

I am running Ubuntu 22.04 with Nginx 1.18 with WordPress version 6.4.3

If I go to Appearance–> Editor–> Templates –> Manage all templates –> Pages I get a page like this:

Some googling took me to this site here.

Upon checking my nginx config I found this line here:

add_header Content-Security-Policy “default-src https: data: ‘unsafe-inline’ ‘unsafe-eval'”;

Commenting this line out solved my problem but now I do not have a Content Security Policy on my website.

Does anyone know how I can modify my nginx config so I can have a Content Security Policy that allows me to edit my website with WordPress?

Viewing 1 replies (of 1 total)

George Appiah
(@gappiah)

4 days, 5 hours ago

Does anyone know how I can modify my nginx config so I can have a Content Security Policy that allows me to edit my website with WordPress?

You don’t have just WordPress… you have WordPress plus a theme and a myriad of plugins. So the policy that works on one WordPress site may not work on yours at all.

Check your browser’s developer console to see exactly what policy is being violated and is causing the blocking…. then you’ll know what to tweak in your Nginx config.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

In: Localhost Installs
1 reply
2 participants
Last reply from: George Appiah
Last activity: 4 days, 5 hours ago
Status: not resolved

Views