This topic has 10 replies, 3 voices, and was last updated 6 years by Radu.

  • Author
  • #196000
     TheDream18
    Participant

    Hi.

    Knowlege: https://scotthelme.co.uk/content-security-policy-an-introduction/

     

    I tried to security header, by adding bellow code to “.htaccess”

    <pre>

    Header set Content-Security-Policy “script-src ‘unsafe-inline’  ”

    </pre>

    I also tried with

    script-src ‘none

    script-src ‘self

     

    They are general security, but somehow it blocked theme function:

    1) Dropdown menu $profile_menu, no longer available click on dropdown button, button disabled

    2) Xprofile #profile buddypress , all tabed display together in “Base” tab.  So it is a long list of xprofile. Not tabed anymore.

     

    How do i allow to set security for header and also keep theme tabed/dropdown header work normal

     

    Thanks

     

    #196014
     TheDream18
    Participant

    2) The same happen with
    Header always set X-Frame-Options “SAMEORIGIN”

    #196016
     Laura
    Moderator

    Hello, will assign the ticket to a higher support level who can help and advise you in your query.
    Thanks! ?

    Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution

    Laura Solanes - Graphic Designer and Web Designer

    Please be patient as I try to answer each topic as fast as i can.

    If you like the theme or the support you've received please consider leaving us a review on Themeforest!

    Always happy to help you 🙂

    #196053
     Radu
    Moderator

    Hi,

    Those most sure are caused by the changes that you had made and they are not theme issues.

    Changing the paths folder names etc…

    So in first instance if i can see your site can be helpful cuz like this “i’m blind”

    Did you encounter the same if you de-activate the child theme ? or/and using default wp theme?

    Cheers
    R.

    Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution
    #196219
     TheDream18
    Participant
    This reply has been set as private.
    #196279
     Radu
    Moderator

    Hi,

    the tab cannot be changed because of those JS errors

    There are also some resources that cannot be loaded

    The issue it’s caused by some server setting or htaccess settings or cache settings

    Try one of those solutions (see the comments with solutions) :

    https://stackoverflow.com/questions/34852682/refused-to-load-the-script-because-it-violates-the-following-content-security-po

    https://stackoverflow.com/questions/31211359/refused-to-load-the-script-because-it-violates-the-following-content-security-po/33642737

    CHECK also this : https://stackoverflow.com/a/42454296/7974488

    If you will need to add that code into head tag from header just copy this file : wp-content/themes/sweetdate/page-parts/general-header.php to wp-content/themes/sweetdate-child/page-parts/general-header.php and edit the file how you need.

    Child theme needs to be installed and activated.

    Cheers
    R

    Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution
    #196315
     TheDream18
    Participant

    Hi. This is complete 100% new website (cleared database and rebuild) that i just build for you.

    This is sweettheme, which is said your theme issue with htaccess code. another theme is fine. recheck atatchment again please. There is screenshot with code in .htaccess. This security code caughted issue, which i show u and ask you fix, because defaul wp theme work fine, no issue.

    I tried to security header, by adding bellow code to “.htaccess”

    COPY CODE
    
    
    Header set Content-Security-Policy “script-src ‘unsafe-inline’  ”
    
    

    I also tried with

    script-src ‘none‘

    script-src ‘self‘

    #196316
     TheDream18
    Participant

    If available, please try to add code i given to your htaccess, u will see the same happen.

    #196317
     TheDream18
    Participant

    Follow urs link. I tested with

    <IfModule mod_headers.c>
    Header always set Content-Security-Policy: “default-src ‘none’;”
    Header always set Content-Security-Policy: “script-src ‘self’ http://www.google-analytics.com adserver.electricshop.bid http://www.electricshop.bid;&#8221;
    Header always set Content-Security-Policy: “style-src ‘self’ http://www.electricshop.bid;&#8221;
    </IfModule>

    This stop error js. But it created error style. What is wrong? Can you test on sweettheme in your hosting and give me final code solution for htaccess without broken sweettheme?

    #196451
     TheDream18
    Participant

    Hi issue fixed by following

    <IfModule mod_headers.c>
    Header always set Content-Security-Policy: “default-src ‘none’;”
    Header always set Content-Security-Policy: “script-src ‘self’ http://www.google-analytics.com adserver.electricshop.bid http://www.electricshop.bid;”
    Header always set Content-Security-Policy: “style-src ‘unsfae-inline’ http://www.electricshop.bid;”
    </IfModule>

    #196592
     Radu
    Moderator

    Hi,

    Great
    Cheers
    R

    Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution
Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.

Log in with your credentials

Forgot your details?