November 27, 2019 at 1:56 pm #1160618
Hi
As you see here, there are quite a lot of things missing regarding GDPR/data protection.
These things are related to the theme because they need to be fixed via tags in the header: https://webbkoll.dataskydd.net/de/results?url=http%3A%2F%2Fmarcusjeroch.de
1: How to?
2: Why are these tags not default/standard in your theme?
Marcus
November 28, 2019 at 11:32 pm #1161128
Hey MarcusJeroch,
We have reported this to our developers, allow some time please.
Best regards,
Basilis
December 12, 2019 at 3:34 pm #1165221
Hello Basilis,
since this is severe and can lead to lawsuits, you hopefully understand that this is urgent and needs to be fixed soon
Marcus
December 13, 2019 at 10:19 pm #1165675
Hi Marcus,
Please have a look at the following article:
If you need further assistance please let us know.
Best regards,
Victoria
December 14, 2019 at 2:02 am #1165743
https://kriesi.at/support/topic/header-security-entries/
I did it via htaccess file.
December 16, 2019 at 7:40 am #1166251
December 16, 2019 at 12:27 pm #1166328
Hm….
That means everybody who uses Enfold is in danger of finding him/herself in a lawsuit because of violating the GDPR.
I think it's your duty to fix it instead of expecting all your users to do htaccess magic.
At least we can expect you to give a clear and detailed instruction
December 16, 2019 at 3:48 pm #1166460
hm – first of all: who is responsible for the contents of your page in your imprint?
So this contact person also has to take care of it.
Everyone has completely different pages, and relevant also page requirements. If you use Google systems, then these must flow into your releases also there. Do you use cloud services or CDNs – and which ones etc. pp. Analytics Tools …
These are so many parameters that only you can know, that it would be unfair to charge these tasks to a theme creator.
These header security entries are only indirectly related to the GDPR. They should prevent third parties from influencing your site through various illegal attacks (man in the middle etc.).
Well, don’t shirk your responsibilities. With SSL certificates, you also have to take care of it yourself.
December 16, 2019 at 3:57 pm #1166466
We are talking about meta tags and not SSL certificates.
Meta tags are a part of a theme's header and Enfold advertises with “GDPR-ready” but it isn't.
December 17, 2019 at 2:50 pm #1166843
From the result of your link above I assumed that your question concerns the CSP and header security entries (HSTS)! As you can see in my link, that is something different.
With the link you posted, where exactly do you pin down the absence of meta tags?
December 17, 2019 at 2:55 pm #1166847
If – as you assume – there is nothing to fix – why did Basilis respond like that?
Hey MarcusJeroch,
We have reported this to our developers, allow some time please.
Best regards,
Basilis
December 17, 2019 at 3:48 pm #1166869
My thoughts on that are summarized here: https://kriesi.at/support/topic/header-security-entries/#post-1155949
The question is why we had to set it to unsafe-inline and unsafe-eval to have a working site?
You can see here, for example, that it is mostly a WordPress thing: https://core.trac.wordpress.org/ticket/38695
I hope that WordPress will take care of that, and that unsafe-inline and unsafe-eval are not necessary in future releases
December 18, 2019 at 2:19 am #1167065
Hi,
Thank you for the update.
@marcusjeroch: You can either use @guenter‘s .htaccess configuration, which is the easiest route or implement the recommendations provided by the tool. For example, to enable the Content Security Policy (CSP) header, you can manually override the header.php file in your child theme and add this meta tag.
<meta http-equiv="Content-Security-Policy" content="script-src 'self'">
You can also accomplish the same thing using the wp_head hook.
add_action('wp_head', function() { echo '<meta http-equiv="Content-Security-Policy" content="script-src \'self\'">'; }, 10);
Best regards,
Ismael
December 18, 2019 at 12:22 pm #1167240
December 19, 2019 at 8:29 am #1167646
Hi!
@guenni007: Yes, thank you. I was just pointing out how he can move forward with this and that is by doing the recommended implementations in the tool.
Regards,
Ismael
December 19, 2019 at 5:42 pm #1167844
Yes – I know that this is not caused by Enfold (alone) but even on WordPress themes (twenty-twenty etc.) the script-src and style-src had to be set to unsafe-inline.
But I do not see why. Is it the customizer script that is implemented in a “wrong” manner?
December 23, 2019 at 12:44 pm #1168718
The problem here is that you both expect a customer to be a developer/nerd/pro to solve severe and legally important things.
I am an artist and I don't expect you to juggle seven balls, do I??
Why can't you just say?
1: Use a child theme (which I already do)
2: Upload a header.php – here is the necessary content
3: add these lines….
Everything would be fine but instead you need to discuss endlessly about who is responsible or not and finally you consumed/burned your customer's time and money.
That's not customer care.
Marcus
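Added example, not part of the original thread and not Enfold's or Kriesi's code: a child-theme functions.php snippet that sends the CSP and HSTS entries discussed above as real HTTP response headers through WordPress's wp_headers filter, since HSTS cannot be set with a meta tag and a CSP delivered via meta ignores frame-ancestors and has no report-only mode. The my_ names, the MY_CSP_ENFORCE switch and every directive value are assumptions to adapt to the site.

```php
<?php
// Child theme functions.php (omit the opening tag above if the file already has one).
// Added example; all names prefixed my_/MY_ and all policy values are assumptions.

// false: send the policy as Report-Only, so violations are logged in the
// browser console but nothing is blocked. Set to true once the log is clean.
const MY_CSP_ENFORCE = false;

// Turn ['directive' => [sources...]] into a single CSP header value.
function my_build_csp(array $directives): string {
    $parts = [];
    foreach ($directives as $name => $sources) {
        $parts[] = $name . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

// 'wp_headers' filters the HTTP headers WordPress sends for front-end requests.
add_filter('wp_headers', function (array $headers): array {
    $csp = my_build_csp([
        'default-src'     => ["'self'"],
        'script-src'      => ["'self'"],   // no 'unsafe-inline' / 'unsafe-eval'
        'style-src'       => ["'self'"],
        'frame-ancestors' => ["'self'"],   // only honoured in a header, not in <meta>
    ]);

    $name = MY_CSP_ENFORCE
        ? 'Content-Security-Policy'
        : 'Content-Security-Policy-Report-Only';
    $headers[$name] = $csp;

    $headers['X-Content-Type-Options'] = 'nosniff';
    $headers['Referrer-Policy']        = 'strict-origin-when-cross-origin';

    // HSTS is only meaningful on HTTPS responses. The short max-age is a
    // constructed starting value; raise it once HTTPS works on every page.
    if (is_ssl()) {
        $headers['Strict-Transport-Security'] = 'max-age=86400';
    }
    return $headers;
});
```

In report-only mode the browser console lists each inline script or style the strict policy would block, which shows what currently forces unsafe-inline on the site. If a caching plugin serves pages as static files without running PHP, this filter does not run for them and the headers have to come from the server configuration, such as .htaccess.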
December 30, 2019 at 1:35 pm #1169086