httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Albert <...@netrition.com>
Subject Re: [users@httpd] Content-Security-Policy for a WordPress website.
Date Thu, 17 Sep 2020 20:24:10 GMT
On 9/17/2020 4:17 PM, Jim Albert wrote:
> On 9/17/2020 3:27 PM, Jason Long wrote:
>> Hello,
>> When I added "Header set Content-Security-Policy "default-src 
>> 'self';"" to "httpd.conf" then my website style and some graphical 
>> features are disable.
>> Why?
>>
>> Thank you.
>>
>>
>
> Use your browser's developer tools (usually F12) to view your console 
> errors and warnings. The console will tell you what content your CSP 
> might be blocking.
> Until you have your CSP set properly you can use a report only CSP 
> header to report what's getting blocked without actually blocking it.
>
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only

>
> https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
>

Sorry.. I should have phrased the above as:
"Until you have your CSP set properly you can use a report only CSP 
header to report what's in violation of your CSP without actually 
blocking it."

Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message