httpd-users mailing list archives

From Jim Albert <...@netrition.com>
Subject Re: [users@httpd] How to set “Strict-Transport-Security”?
Date Mon, 28 Sep 2020 20:09:11 GMT
On 9/28/2020 3:52 PM, Jason Long wrote:
> Header set Content-Security-Policy "default-src 'self';"
>
> After it, some features of WordPress like menu disabled!


You posted this same question about a week ago, to which I responded. My 
response is repeated below with some additional advice.

Use your browser's developer tools (usually F12) to view your console 
errors and warnings. The console will tell you what content your CSP 
might be blocking.
Until you have your CSP set properly you can use a report only CSP 
header to report what's in violation of your CSP without actually 
blocking it.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only


https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

That's about the best advice you are going to get.  You need to 
understand the syntax of a Content Security Policy (CSP), what its 
purpose is and how it can affect content of a web page.
Start with the links above.

The content you no longer see might come from a source not allowed by 
your CSP. Your browser's dev tools console will confirm if that is true.

Jim

>
> On Sunday, September 27, 2020, 05:29:51 PM GMT+3:30, Jim Albert <jim@netrition.com> wrote:
>
> On 9/27/2020 2:50 AM, Jason Long wrote:
>
>> Hello,
>> For a website with the name "my-example.net", what is the correct syntax of:
>>
>> Header set Content-Security-Policy "default-src 'self';"
>>
>> ?
>>
>> Thank you.
>>
> Which header are you asking about?
> Strict-Transport-Security (your email subject) - indicates to the
> browser that the site should only be accessed via https. The browser
> will make future requests via https.
> Content-Security-Policy (your email body) - sets a trust policy for
> content on a given site.
>
> Jim
>
>
>
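
One way to act on the Report-Only advice in this message, as an added example that is not part of the original thread: group the violation reports a browser POSTs to a `report-uri` endpoint by directive and blocked source, so you can see which sources the policy would need to allow. The `/csp-report` endpoint, the sample reports and the `example.com` hosts are constructed assumptions.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Assumed Apache setting (the /csp-report endpoint is hypothetical):
#   Header set Content-Security-Policy-Report-Only "default-src 'self'; report-uri /csp-report"
POLICY = "default-src 'self'; report-uri /csp-report"

def _report(directive, blocked):
    """Build one constructed report body in the report-uri JSON shape."""
    return json.dumps({"csp-report": {
        "document-uri": "https://my-example.net/",
        "effective-directive": directive,
        "violated-directive": directive,
        "blocked-uri": blocked,
        "original-policy": POLICY,
    }})

# Constructed sample data, not captured from a real site.
SAMPLE_BODIES = [
    _report("script-src-elem", "inline"),
    _report("script-src-elem", "inline"),
    _report("script-src-elem", "https://cdn.example.com/js/menu.js"),
    _report("font-src", "https://fonts.example.com/a.woff2"),
    _report("img-src", "data"),
    "not json",  # malformed body, must be skipped
]

def blocked_source(blocked_uri):
    """Reduce a blocked-uri to what a source list names: an origin or a keyword."""
    parts = urlsplit(blocked_uri)
    if parts.scheme in ("http", "https") and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return blocked_uri  # keywords such as inline, eval, data

def summarize(bodies):
    """Count violations per (directive, source), skipping malformed bodies."""
    counts = Counter()
    for body in bodies:
        try:
            report = json.loads(body)["csp-report"]
            directive = report.get("effective-directive") or report["violated-directive"]
            counts[(directive, blocked_source(report["blocked-uri"]))] += 1
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # a report endpoint receives untrusted input
    return counts

if __name__ == "__main__":
    for (directive, source), n in summarize(SAMPLE_BODIES).most_common():
        print(f"{n:3d}  {directive:18s} {source}")
```

Anyone can POST to a report endpoint, so treat the summary as a hint about what to review, not as a list of sources to allow automatically.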

