-
Author
-
April 25, 2018 at 14:04 #196000TheDream18Participant
Hi.
Knowlege: https://scotthelme.co.uk/content-security-policy-an-introduction/
I tried to security header, by adding bellow code to “.htaccess”
<pre>
Header set Content-Security-Policy “script-src ‘unsafe-inline’ ”
</pre>
I also tried with
script-src ‘none‘
script-src ‘self‘
They are general security, but somehow it blocked theme function:
1) Dropdown menu $profile_menu, no longer available click on dropdown button, button disabled
2) Xprofile #profile buddypress , all tabed display together in “Base” tab. So it is a long list of xprofile. Not tabed anymore.
How do i allow to set security for header and also keep theme tabed/dropdown header work normal
Thanks
April 25, 2018 at 15:54 #196014TheDream18Participant2) The same happen with
Header always set X-Frame-Options “SAMEORIGIN”April 25, 2018 at 16:47 #196016LauraModeratorHello, will assign the ticket to a higher support level who can help and advise you in your query.
Thanks! ?Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionLaura Solanes - Graphic Designer and Web Designer
Please be patient as I try to answer each topic as fast as i can.
If you like the theme or the support you've received please consider leaving us a review on Themeforest!
Always happy to help you 🙂
April 25, 2018 at 19:37 #196053RaduModeratorHi,
Those most sure are caused by the changes that you had made and they are not theme issues.
Changing the paths folder names etc…
So in first instance if i can see your site can be helpful cuz like this “i’m blind”
Did you encounter the same if you de-activate the child theme ? or/and using default wp theme?
Cheers
R.Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionApril 27, 2018 at 16:40 #196279RaduModeratorHi,
the tab cannot be changed because of those JS errors
There are also some resources that cannot be loaded
The issue it’s caused by some server setting or htaccess settings or cache settings
Try one of those solutions (see the comments with solutions) :
CHECK also this : https://stackoverflow.com/a/42454296/7974488
If you will need to add that code into head tag from header just copy this file : wp-content/themes/sweetdate/page-parts/general-header.php to wp-content/themes/sweetdate-child/page-parts/general-header.php and edit the file how you need.
Child theme needs to be installed and activated.
Cheers
RHi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionApril 27, 2018 at 20:02 #196315TheDream18ParticipantHi. This is complete 100% new website (cleared database and rebuild) that i just build for you.
This is sweettheme, which is said your theme issue with htaccess code. another theme is fine. recheck atatchment again please. There is screenshot with code in .htaccess. This security code caughted issue, which i show u and ask you fix, because defaul wp theme work fine, no issue.
I tried to security header, by adding bellow code to “.htaccess”
COPY CODEHeader set Content-Security-Policy “script-src ‘unsafe-inline’ ”
I also tried with
script-src ‘none‘
script-src ‘self‘
April 27, 2018 at 20:10 #196316TheDream18ParticipantIf available, please try to add code i given to your htaccess, u will see the same happen.
April 27, 2018 at 20:23 #196317TheDream18ParticipantFollow urs link. I tested with
<IfModule mod_headers.c>
Header always set Content-Security-Policy: “default-src ‘none’;”
Header always set Content-Security-Policy: “script-src ‘self’ http://www.google-analytics.com adserver.electricshop.bid http://www.electricshop.bid;”
Header always set Content-Security-Policy: “style-src ‘self’ http://www.electricshop.bid;”
</IfModule>This stop error js. But it created error style. What is wrong? Can you test on sweettheme in your hosting and give me final code solution for htaccess without broken sweettheme?
April 30, 2018 at 14:00 #196451TheDream18ParticipantHi issue fixed by following
<IfModule mod_headers.c>
Header always set Content-Security-Policy: “default-src ‘none’;”
Header always set Content-Security-Policy: “script-src ‘self’ http://www.google-analytics.com adserver.electricshop.bid http://www.electricshop.bid;”
Header always set Content-Security-Policy: “style-src ‘unsfae-inline’ http://www.electricshop.bid;”
</IfModule>May 2, 2018 at 17:24 #196592RaduModeratorHi,
Great
Cheers
RHi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution -
AuthorPosts
You must be logged in to reply to this topic.