Viewing 18 posts - 1 through 18 (of 18 total)
  • #1160618

    Hi,
    as you can see here, there are quite a lot of things missing regarding GDPR/data protection.
    These things are related to the theme because they need to be fixed via tags in the header:

    https://webbkoll.dataskydd.net/de/results?url=http%3A%2F%2Fmarcusjeroch.de

    1: How to?
    2: Why are these tags not default/standard in your theme?

    Marcus

    #1161128

    Hey MarcusJeroch,

    We have reported this to our developers, allow some time please.

    Best regards,
    Basilis

    #1165221

    Hello Basilis,
    since this is severe and can lead to lawsuits, you hopefully understand that this is urgent and needs to be fixed soon.

    Marcus

    #1165675

    Hi Marcus,

    Please have a look at the following article:

    If you need further assistance please let us know.
    Best regards,
    Victoria

    #1165743
    #1166251

    Hello,


    @Guenni007: Thank you for the info.

    Best regards,
    Ismael

    #1166328

    Hm….

    That means everybody who uses Enfold is in danger of finding him/herself in a lawsuit because of violating the GDPR.
    I think it's your duty to fix it instead of expecting all your users to do .htaccess magic.
    At least we can expect you to give clear and detailed instructions.

    #1166460

    Hm – first of all: who is named in your imprint as responsible for the contents of your page?
    So this contact person also has to take care of it.

    Everyone has completely different pages, and correspondingly different page requirements. If you use Google systems, then these must also be reflected in your releases. Do you use cloud services or CDNs, and which ones, etc.? Analytics tools …
    These are so many parameters that only you can know that it would be unfair to charge these tasks to a theme creator.

    These header security entries are only indirectly related to the GDPR. They are meant to prevent various illegal attacks (man-in-the-middle etc.) by third parties from affecting your site.

    Well, don't shirk your responsibilities. With SSL certificates, you also have to take care of it yourself.

    #1166466

    We are talking about meta tags and not SSL certificates.
    Meta tags are a part of a theme's header, and Enfold advertises with "GDPR-ready" but it isn't.

    #1166843

    Well, given that result I assumed this was about the CSP and header security entries (HSTS)! As you can see in my link, that is something different.
    With the link you posted – what do you base the absence of meta tags on?

    #1166847

    If – as you assume – there is nothing to fix – why did Basilis respond like that?

    Hey MarcusJeroch,
    We have reported this to our developers, allow some time please.
    Best regards,
    Basilis

    #1166869

    My thoughts on that are summarized here: https://kriesi.at/support/topic/header-security-entries/#post-1155949
    The question is why we had to set it to unsafe-inline and unsafe-eval to have a working site?

    You can see here, e.g., that it is mostly a WordPress thing: https://core.trac.wordpress.org/ticket/38695

    I hope that WordPress will take care of that, and that unsafe-inline and unsafe-eval will not be necessary in future releases.

    #1167065

    Hi,

    Thank you for the update.

    @marcusjeroch: You can either use @guenter's .htaccess configuration, which is the easiest route, or implement the recommendations provided by the tool. For example, to enable the Content Security Policy (CSP) header, you can manually override the header.php file in your child theme and add this meta tag.

    <meta http-equiv="Content-Security-Policy" content="script-src 'self'">
    

    You can also accomplish the same thing using the wp_head hook.

    add_action('wp_head', function() {
       echo '<meta http-equiv="Content-Security-Policy" content="script-src \'self\'">';
    }, 10);
    

    Best regards,
    Ismael
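
The same idea sent as real HTTP response headers from a child theme's functions.php, as an added example that is not code from this thread or from Enfold. The `mysite_` names, the directive values and the `max-age` are assumptions to adapt to what the site actually loads; it starts in Report-Only mode so a policy that would break inline scripts shows up in the browser console instead of breaking the page.

```php
// Child theme functions.php (added example; all mysite_* names are hypothetical).

// Assumption: set to true only once the browser console reports no violations.
const MYSITE_CSP_ENFORCE = false;

// Builds the policy string from a directive => sources map.
function mysite_build_csp(): string {
    $directives = [
        'default-src'     => ["'self'"],
        // 'unsafe-inline' is included because the thread reports that WordPress
        // pages stop working without it; it weakens the protection CSP gives
        // against injected scripts, so remove it if the site works without.
        'script-src'      => ["'self'", "'unsafe-inline'"],
        'style-src'       => ["'self'", "'unsafe-inline'"],
        'img-src'         => ["'self'", 'data:'],
        // frame-ancestors is ignored in a <meta> policy; it needs a real header.
        'frame-ancestors' => ["'self'"],
    ];

    $parts = [];
    foreach ($directives as $name => $sources) {
        $parts[] = $name . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

// 'wp_headers' filters the headers WordPress sends with front-end responses.
add_filter('wp_headers', function (array $headers): array {
    // Report-Only logs violations without blocking anything. It exists only
    // as an HTTP header, not as a <meta http-equiv> value.
    $name = MYSITE_CSP_ENFORCE
        ? 'Content-Security-Policy'
        : 'Content-Security-Policy-Report-Only';
    $headers[$name] = mysite_build_csp();

    // HSTS cannot be set through a meta tag and is ignored over plain HTTP,
    // so send it only on HTTPS requests. One year is an assumed max-age.
    if (is_ssl()) {
        $headers['Strict-Transport-Security'] = 'max-age=31536000';
    }
    return $headers;
});
```

This covers only responses that WordPress generates itself; static files and pages served from a full-page cache need the equivalent headers in the server or .htaccess configuration.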

    #1167240

    Hm – Ismael, that will not be enough, and will end in:

    and a non working wordpress page (

    #1167646

    Hi!


    @guenni007: Yes, thank you. I was just pointing out how he can move forward with this, and that is by doing the recommended implementations in the tool.

    Regards,
    Ismael

    #1167844

    Yes – I know that this is not caused by Enfold (alone), but even on WordPress themes (Twenty Twenty etc.) the script-src and style-src had to be set to unsafe-inline.
    But I do not see why. Is it the customizer script that is implemented in a "wrong" manner?

    #1168718

    The problem here is that you both expect a customer to be a developer/nerd/pro to solve severe and legally important things.
    I am an artist and I don't expect you to juggle seven balls, do I??
    Why can't you just say:
    1: Use a child theme (which I already do)
    2: Upload a header.php – here is the necessary content
    3: Add these lines….

    Everything would be fine, but instead you need to discuss endlessly who is responsible or not, and finally you have consumed/burned your customer's time and money.
    That's not customer care.

    Marcus

    #1169086

    Hi,
    So are we to understand that you have followed the recommendation and this issue has now been corrected and we should close this thread?

    Best regards,
    Mike
