This topic has 10 replies, 3 voices, and was last updated 6 years by 
-
-
Hi.
Knowlege: https://scotthelme.co.uk/content-security-policy-an-introduction/
I tried to security header, by adding bellow code to “.htaccess”
<pre>
Header set Content-Security-Policy “script-src ‘unsafe-inline’ ”
</pre>
I also tried with
script-src ‘none‘
script-src ‘self‘
They are general security, but somehow it blocked theme function:
1) Dropdown menu $profile_menu, no longer available click on dropdown button, button disabled
2) Xprofile #profile buddypress , all tabed display together in “Base” tab. So it is a long list of xprofile. Not tabed anymore.
How do i allow to set security for header and also keep theme tabed/dropdown header work normal
Thanks
Hello, will assign the ticket to a higher support level who can help and advise you in your query.
Thanks! ?Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionLaura Solanes - Graphic Designer and Web Designer
Please be patient as I try to answer each topic as fast as i can.
If you like the theme or the support you've received please consider leaving us a review on Themeforest!
Always happy to help you 🙂
Hi,
Those most sure are caused by the changes that you had made and they are not theme issues.
Changing the paths folder names etc…
So in first instance if i can see your site can be helpful cuz like this “i’m blind”
Did you encounter the same if you de-activate the child theme ? or/and using default wp theme?
Cheers
R.Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionHi,
the tab cannot be changed because of those JS errors
There are also some resources that cannot be loaded
The issue it’s caused by some server setting or htaccess settings or cache settings
Try one of those solutions (see the comments with solutions) :
CHECK also this : https://stackoverflow.com/a/42454296/7974488
If you will need to add that code into head tag from header just copy this file : wp-content/themes/sweetdate/page-parts/general-header.php to wp-content/themes/sweetdate-child/page-parts/general-header.php and edit the file how you need.
Child theme needs to be installed and activated.
Cheers
RHi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionHi. This is complete 100% new website (cleared database and rebuild) that i just build for you.
This is sweettheme, which is said your theme issue with htaccess code. another theme is fine. recheck atatchment again please. There is screenshot with code in .htaccess. This security code caughted issue, which i show u and ask you fix, because defaul wp theme work fine, no issue.
I tried to security header, by adding bellow code to “.htaccess”
COPY CODEHeader set Content-Security-Policy “script-src ‘unsafe-inline’ ”I also tried with
script-src ‘none‘
script-src ‘self‘
Follow urs link. I tested with
<IfModule mod_headers.c>
Header always set Content-Security-Policy: “default-src ‘none’;”
Header always set Content-Security-Policy: “script-src ‘self’ http://www.google-analytics.com adserver.electricshop.bid http://www.electricshop.bid;”
Header always set Content-Security-Policy: “style-src ‘self’ http://www.electricshop.bid;”
</IfModule>This stop error js. But it created error style. What is wrong? Can you test on sweettheme in your hosting and give me final code solution for htaccess without broken sweettheme?
Hi issue fixed by following
<IfModule mod_headers.c>
Header always set Content-Security-Policy: “default-src ‘none’;”
Header always set Content-Security-Policy: “script-src ‘self’ http://www.google-analytics.com adserver.electricshop.bid http://www.electricshop.bid;”
Header always set Content-Security-Policy: “style-src ‘unsfae-inline’ http://www.electricshop.bid;”
</IfModule>Hi,
Great
Cheers
RHi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution
You must be logged in to reply to this topic.
