I just moved a WP site to another server and I get this error in my console:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
When searching for a solution, I only see things about Chrome extensions.
What can this be, all of a sudden?
I tried updating Jquery to the latest version, but it did not help. It's very strange, I can't pinpoint it. On my development machine and at the new location the site bloats. Luckily the production site is still functioning.
Edit:
This solution works partially: http://ift.tt/1rOSmtC. Basically, you have to add this line to a .htaccess file:
Header set Content-Security-Policy "allow 'self'; media-src *; img-src *; script-src 'self' 'unsafe-inline' http://ift.tt/Q55qZD http://ift.tt/rzP4g5; style-src 'self' 'unsafe-inline';"
But partially! Now the CSS bloats:
Refused to load the stylesheet 'http://ift.tt/11KTbap' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'".
But the question remains: why is this happening out of the blue?
Aucun commentaire:
Enregistrer un commentaire