Title: CSP – inline/eval issues Last modified: December 25, 2024 --- # CSP – inline/eval issues * Resolved [refuge77](https://wordpress.org/support/users/refuge77/) * (@refuge77) * [1 year, 5 months ago](https://wordpress.org/support/topic/csp-inline-eval-issues/) * Purchase the WP Hide Pro plugin. After configuring csp the website received a csp grade “A” at securityheaders.com, however it came with a warning about inline/ eval which my theme needs to function [view here](https://securityheaders.com/?q=https%3A%2F%2Fstaging2.abc12362.sg-host.com%2F&followRedirects=on) Also, the theme has some functionality problems with images, and format since configuring csp. am requesting advisement on how to configure csp that safely allows unsafe inline/eval since the WordPress core functionality, plugin compatibility, theme functionality, admin interface, operations Dynamic content handling requires it. Also, the following error message showed when inspected: * This page failed to load a stylesheet from a URL.Affective resources: * 3 resources:  * staging2.abc12362.sg-host.com/:1 * staging2.abc12362.sg-host.com/:0 * staging2.abc12362.sg-host.com/:4 * and - Some resources are blocked because their origin is not listed in your site’s Content Security Policy (CSP). Your site’s CSP is allowlist-based, so resources must be listed in the allowlist in order to be accessed. A site’s Content Security Policy is set either via an HTTP header (recommended), or via a meta HTML tag.To fix this issue do one of the following: * (Recommended) If you’re using an allowlist for ‘script-src’, consider switching from an allowlist CSP to a strict CSP, because strict CSPs are more robust against XSS. See how to set a strict CSP. * Or carefully check that all of the blocked resources are trustworthy; if they are, include their sources in the CSP of your site. ⚠️Never add a source you don’t trust to your site’s CSP. If you don’t trust the source, consider hosting resources on your own site instead. - Affected Resources - 7 directives - Resource - [datablockedstyle-src-elemstaging2.abc12362.sg-host.com/:4https://fonts.googleapis.com/css?family=Raleway%3A300%2C400%2C700%2C800%2C900%7CRoboto%3A400%2C500%2C700%2C900&display=swap&subset=cyrillic%2Cvietnameseblockedstyle-src-elemstaging2.abc12362.sg-host.com/:4https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swapblockedstyle-src-elemstaging2.abc12362.sg-host.com/:4datablockedscript-src-elemstaging2.abc12362.sg-host.com/:0datablockedstyle-src-elemstaging2.abc12362.sg-host.com/:0https://fonts.googleapis.com/css?family=Raleway%3A300%2C400%2C700%2C800%2C900%7CRoboto%3A400%2C500%2C700%2C900&display=swap&subset=cyrillic%2Cvietnameseblockedstyle-src-elemstaging2.abc12362.sg-host.com/:0https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swapblockedstyle-src-elemstaging2.abc12362.sg-host.com/:0](http://datablockedstyle-src-elemstaging2.abc12362.sg-host.com/:4https://fonts.googleapis.com/css?family=Raleway%3A300%2C400%2C700%2C800%2C900%7CRoboto%3A400%2C500%2C700%2C900&display=swap&subset=cyrillic%2Cvietnameseblockedstyle-src-elemstaging2.abc12362.sg-host.com/:4https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swapblockedstyle-src-elemstaging2.abc12362.sg-host.com/:4datablockedscript-src-elemstaging2.abc12362.sg-host.com/:0datablockedstyle-src-elemstaging2.abc12362.sg-host.com/:0https://fonts.googleapis.com/css?family=Raleway%3A300%2C400%2C700%2C800%2C900%7CRoboto%3A400%2C500%2C700%2C900&display=swap&subset=cyrillic%2Cvietnameseblockedstyle-src-elemstaging2.abc12362.sg-host.com/:0https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swapblockedstyle-src-elemstaging2.abc12362.sg-host.com/:0) The topic ‘CSP – inline/eval issues’ is closed to new replies. * ![](https://ps.w.org/wp-hide-security-enhancer/assets/icon-256x256.png?rev=2937681) * [WP Hide & Security Enhancer](https://wordpress.org/plugins/wp-hide-security-enhancer/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-hide-security-enhancer/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-hide-security-enhancer/) * [Active Topics](https://wordpress.org/support/plugin/wp-hide-security-enhancer/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-hide-security-enhancer/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-hide-security-enhancer/reviews/) * 0 replies * 1 participant * Last reply from: [refuge77](https://wordpress.org/support/users/refuge77/) * Last activity: [1 year, 5 months ago](https://wordpress.org/support/topic/csp-inline-eval-issues/) * Status: resolved