Title: Fix Content Security Policy without plugin
Last modified: September 29, 2021

---

# Fix Content Security Policy without plugin

 *  [Chris8081](https://wordpress.org/support/users/chris8081/)
 * (@chris8081)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/fix-content-security-policy-without-plugin/)
 * Hello,
 * I’m using NGINX, WP, Astra theme, Gutenberg and a HTML code block.
 * `<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>`
 * When I load the page in the browser, I see in the console:
 * `Content Security Policy: The page’s settings blocked the loading of a resource
   at inline (“script-src”).`
 * What’s the easiest way to fix this issue, without installing a plugin?
    -  This topic was modified 4 years, 8 months ago by [Chris8081](https://wordpress.org/support/users/chris8081/).

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [Kuldeep](https://wordpress.org/support/users/soberbanda/)
 * (@soberbanda)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/fix-content-security-policy-without-plugin/#post-14919287)
 * [@chris8081](https://wordpress.org/support/users/chris8081/) Here is something
   that might be useful:
 * > [https://content-security-policy.com/examples/allow-inline-script/](https://content-security-policy.com/examples/allow-inline-script/)
   > 
   > [https://www.reddit.com/r/firefox/comments/bb94fj/error_on_website_redesign_the_pages_settings/](https://www.reddit.com/r/firefox/comments/bb94fj/error_on_website_redesign_the_pages_settings/)
 * Let me know how it goes 🙂
 *  Thread Starter [Chris8081](https://wordpress.org/support/users/chris8081/)
 * (@chris8081)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/fix-content-security-policy-without-plugin/#post-14919834)
 * No, couldn’t get it working.
    I’ve downloaded all Charts.js libs from the CDNs
   and uploaded them to my server.
 *  [Kuldeep](https://wordpress.org/support/users/soberbanda/)
 * (@soberbanda)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/fix-content-security-policy-without-plugin/#post-14919890)
 * [@chris8081](https://wordpress.org/support/users/chris8081/) Did u try it with
   iframe code: [https://www.wpbeginner.com/wp-tutorials/how-to-easily-embed-iframe-code-in-wordpress/](https://www.wpbeginner.com/wp-tutorials/how-to-easily-embed-iframe-code-in-wordpress/)
 * See if it works 🙂
 *  [Dion](https://wordpress.org/support/users/diondesigns/)
 * (@diondesigns)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/fix-content-security-policy-without-plugin/#post-14920778)
 * The way to fix this issue is to locate what is setting that policy, and then 
   remove the setting. It’s probably your nginx configuration, but it could also
   be one of your plugins.
 *  Thread Starter [Chris8081](https://wordpress.org/support/users/chris8081/)
 * (@chris8081)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/fix-content-security-policy-without-plugin/#post-14920986)
 * [@soberbanda](https://wordpress.org/support/users/soberbanda/) I’m not sure how
   I can add a JS with an iframe? Especially when I reference the JS from a div 
   below.
 * [@diondesigns](https://wordpress.org/support/users/diondesigns/) Yes, I’ve been
   in the NGINX config. It’s not mentioned there. I’ve copied a directive into my
   config and restarted. But it didn’t change anything. (I’ve not changed the config
   in a while and it was working before).
    It could be that the CSP comes from a
   plugin or theme – I just didn’t see how to figure it out and afterwards maybe
   even more complicated, how to change it.
 *  [Kuldeep](https://wordpress.org/support/users/soberbanda/)
 * (@soberbanda)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/fix-content-security-policy-without-plugin/#post-14921013)
 * [@chris8081](https://wordpress.org/support/users/chris8081/) Have a look at this
   workaround: [https://stackoverflow.com/questions/18369410/how-to-add-javascript-code-into-existing-iframe-using-jquery](https://stackoverflow.com/questions/18369410/how-to-add-javascript-code-into-existing-iframe-using-jquery)

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Fix Content Security Policy without plugin’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 6 replies
 * 3 participants
 * Last reply from: [Kuldeep](https://wordpress.org/support/users/soberbanda/)
 * Last activity: [4 years, 8 months ago](https://wordpress.org/support/topic/fix-content-security-policy-without-plugin/#post-14921013)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics