Viewing 4 posts - 1 through 4 (of 4 total)
  • #1472025

    Lighthouse was downgrading my Best Practices report on this website with an “Ensure CSP is effective against XSS attacks” error. This is Google’s reference page: https://developer.chrome.com/docs/lighthouse/best-practices/csp-xss/

    I found this thread and implemented Guenni007’s solution as he posted it.

    Whilst my Best Practices score is now 100, Lighthouse is still generating the same main error as above but now with these specific details:

    script-src directive is missing. This can allow the execution of unsafe scripts.
    Missing object-src allows the injection of plugins that execute unsafe scripts. Consider setting object-src to 'none' if you can.

    (Quite how I get a score of 100 when there are still errors seems a bit bizarre to me, whatever…)

    I have no idea how to alter .htaccess to fix this: please can you make a suggestion?

    #1472034

    Hey zimbo,
    To edit .htaccess, use FTP or the cPanel file manager on your web host.
    “Dot” files like .htaccess are sometimes hidden in FTP clients, and you may need to check your preference options.
    Also note in the thread that sometimes it needs an Apache server restart; you may need your web host to help with that.

    Best regards,
    Mike

    #1472156

    Thanks, I know how to edit and upload .htaccess.

    What I don’t know is how to amend Guenni007’s solution to fix the Lighthouse errors I listed, can you advise on that?

    #1472390

    Hi,
    I don’t have experience with this. His thread is still open; try posting to his thread, as he may know.

    Best regards,
    Mike
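
An added example, not part of the thread and not Guenni007's solution or Lighthouse's own code: a small checker that tests a Content-Security-Policy header value for the two findings quoted in the first post, applying the CSP rule that `script-src` and `object-src` fall back to `default-src` when absent. The function names and all sample header values are constructed for illustration.

```javascript
// Added example: checks a Content-Security-Policy value for the two findings in the thread.
// All header values below are constructed samples, not the site's real policy.

// Parse "name value value; name value" into a Map of directive -> source list.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function auditCsp(headerValue) {
  const csp = parseCsp(headerValue);
  // script-src and object-src are fetch directives: when absent, default-src applies.
  const effective = (name) => csp.get(name) ?? csp.get('default-src');
  const findings = [];

  if (effective('script-src') === undefined) {
    findings.push('script-src directive is missing');
  }
  const objectSrc = effective('object-src');
  if (objectSrc === undefined) {
    findings.push('object-src is missing');
  } else if (objectSrc.some((s) => s.toLowerCase() !== "'none'")) {
    findings.push("object-src allows sources; consider 'none'");
  }
  return findings;
}

// Constructed policies: one lacking both directives, one with both, one with default-src only.
const BEFORE = "upgrade-insecure-requests; frame-ancestors 'self'";
const AFTER = BEFORE + "; script-src 'self'; object-src 'none'";
const DEFAULT_ONLY = "default-src 'self'";

for (const [label, value] of [['before', BEFORE], ['after', AFTER], ['default-src only', DEFAULT_ONLY]]) {
  console.log(label, '->', auditCsp(value));
}
```

The `script-src 'self'` value in the sample is a placeholder; the source list a real site needs depends on which scripts it loads.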
