Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #970461

    Hi,

    i set the script-src as CSP policy in my .htaccess. I set them to ‘self’.

    This breaks the whole theme. I experimented with the settings, and only

    script-src ‘unsafe-inline’ ‘unsafe-eval’ https: *;

    helps. But this breaks any security settings for the website. This comes, because any script is inline, and not as external .js fine. Are you attemping to change it in the future to push up the security options?

    More Information about Scripts: here.

    #971098

    Hey Pako,

    If you use some plugins or some APIs you will get them requesting external scripts too and so such strict rules will not work for those cases. You could get a plugin and try to have all the scripts from the website added inline, then you can have those settings working for you.

    Best regards,
    Victoria

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.