CSP Errors

  • Resolved louisvillebourboninn

    (@louisvillebourboninn)


    1 year, 3 months ago

    Refused to execute inline script because it violates the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' 'inline-speculation-rules' 'nonce-f6KHVZeU' 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com". Either the 'unsafe-inline' keyword, a hash ('sha256-aU1b2MDj4Gvp8L6QSXvoKx7dCbT0M6OWmvgRx2IAhUI='), or a nonce ('nonce-...') is required to enable inline execution.

    I’m getting the above error for lwi_ads_insights.php?app_id=221646389321681&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconne…

    and the same error for lwi_ads_creation.php?app_id=221646389321681&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconne…

    It appears to be reading a CSP policy that comes from Facebook because the one it shows in the example is not mine. (I put ‘unsafe-inline’ in my script-src and I still get this error; plus I don’t use any wildcards in my CSP).

    Any suggestions?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support Marija

    (@marijastuntcoders)

    1 year, 3 months ago

    Hello, and thank you for reaching out.

    Please tell us when and where does this error appear, is it being logged via your theme, or a different plugin?

    Kind regards,
    Marija

    Thread Starter louisvillebourboninn

    (@louisvillebourboninn)

    1 year, 3 months ago

    It shows up in the Developer Tools.

    Thread Starter louisvillebourboninn

    (@louisvillebourboninn)

    1 year, 3 months ago

    Here is an excerpt from the current CSP policy, which is uber-permissive. I’ll tighten it up after I get everything to work. Didn’t want my policy to interfere right now.

    Header set Content-Security-Policy: "default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.facebook.com connect.facebook.net www.googletagmanager.com static.cloudflareinsights.com code.jquery.com louisvillebourboninn.com;   ...

    The policy continues but this is the part related to the error)

    Plugin Support Marija

    (@marijastuntcoders)

    1 year, 3 months ago

    Hello,

    Can you please check if the error is still there after disabling the Meta pixel for WordPress plugin?

    Kind regards,
    Marija

    Plugin Support Marija

    (@marijastuntcoders)

    1 year, 3 months ago

    Hi @louisvillebourboninn

    Just wanted to check if you are still having this issue, and if you were able to check if this error is still present after disabling the Meta pixel for WordPress plugin?

    Kind regards,
    Marija

    Plugin Support Marija

    (@marijastuntcoders)

    1 year, 3 months ago

    Hi @louisvillebourboninn ,

    Since we haven’t heard back from you in a while, we will be marking this issue as resolved. Please feel to reach out again, should you have any further issues with the plugin.

    Kind regards,
    Marija

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘CSP Errors’ is closed to new replies.

Tags