Some mistakes, please help

Resolved

bulls_shark

(@bulls_shark)

6 years, 10 months ago

Hello I have saved the content security policy and can now nothing in the plugin change what is it?

For this I can under Plugins no Detials to the Plugin retrieve.

And now I do not know if I receive updates and notifications from Themeforest as well as from WordPress.

Hope you can help me. Thank you


X-Frame-Options	- SAMEORIGIN
X-XSS-Protection - 1; mode=block
X-Content-Type-Options - nosniff
Strict-Transport-Security- max-age=31536000; includeSubDomains; preload
Referrer-Policy	- no-referrer
Cookie security	✔ Secure ✔ HttpOnly ✔ SameSite - Strict
Expect-CT - max-age=3600, report-uri="https://domain/reportOnly
X-DNS-Prefetch-Control - on
X-Download-Options - noopen
X-Permitted-Cross-Domain-Policies - master-only
Feature-Policy - camera 'none'; microphone 'none

Content-Security-Policy	
default-src 'self' blob: onesignal.com www.google-analytics.com twitter.com platform.twitter.com apis.google.com fonts.googleapis.com connect.facebook.net www.youtube.com accounts.google.com fonts.gstatic.com static.ak.facebook.com s-static.ak.facebook.com www.facebook.com ssl.gstatic.com soundcloud.com; 

script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.onesignal.com https://onesignal.com https://www.youtube-nocookie.com https://*.googleapis.com *.soundcloud.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* wss://*.facebook.com:* attachment.fbsbx.com https://ajax.googleapis.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://onesignal.com; 

img-src 'self' https: https://onesignal.com https://img.youtube.com https://secure.gravatar.com https://s.w.org https://ww.wp.xz.cn https://ps.w.org data:; 

X-UA-Compatible -IE=edge,chrome=1
X-Powered-By - Unset
Connection - keep-alive
connect-src 'self'; 
font-src 'self' https://fonts.gstatic.com data;; 
media-src 'self'; 
form-action 'none'; 
frame-ancestors 'none'; 
object-src 'self'; 
frame-src 'self' https://cdn.onesignal.com https://onesignal.com https://*.youtube.com https://w.soundcloud.com; 
base-uri 'none'

This topic was modified 6 years, 10 months ago by Steven Stern (sterndata).
This topic was modified 6 years, 10 months ago by Jan Dembowski.

Viewing 6 replies - 1 through 6 (of 6 total)

Thread Starter

bulls_shark

(@bulls_shark)

6 years, 10 months ago

I receive the following error message


lazyload.min.js:1 Refused to frame 'https://www.google.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://cdn.onesignal.com https://onesignal.com https://*.youtube.com https://w.soundcloud.com".

a......js:3 JQMIGRATE: Migrate is installed, version 1.4.1
connect.facebook.net/:1 Refused to frame 'https://staticxx.facebook.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://cdn.onesignal.com https://onesignal.com https://*.youtube.com https://w.soundcloud.com".

connect.facebook.net/:1 Refused to frame 'https://www.facebook.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://cdn.onesignal.com https://onesignal.com https://*.youtube.com https://w.soundcloud.com".

This reply was modified 6 years, 10 months ago by Steven Stern (sterndata).
This reply was modified 6 years, 10 months ago by Jan Dembowski.

Plugin Author

Dimitar Ivanov

(@zinoui)

6 years, 10 months ago

Hi @bulls_shark

The errors are pretty descriptive, just add those origins to your “frame-src” directive.

Thread Starter

bulls_shark

(@bulls_shark)

6 years, 10 months ago

Hello thanks I totally overlooked, unfortunately he does not let me save the settings and plugins (Plugins Detials) the information is not loaded. did I forget something here?

Thread Starter

bulls_shark

(@bulls_shark)

6 years, 10 months ago

Error Log:


Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL> data".

plugins.php:1363 Refused to load the script 'https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.onesignal.com https://onesignal.com https://www.youtube-nocookie.com https://*.googleapis.com *.soundcloud.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* wss://*.facebook.com:* attachment.fbsbx.com https://ajax.googleapis.com https://*.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

(anonymous) @ plugins.php:1363
about:blank:1 Refused to display 'https://domain/wp-admin/plugin-install.php?tab=plugin-information&plugin=http-headers&' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2 Uncaught DOMException: Blocked a frame with origin "https://Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL> data".

plugins.php:1363 Refused to load the script 'https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.onesignal.com https://onesignal.com https://www.youtube-nocookie.com https://*.googleapis.com *.soundcloud.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* wss://*.facebook.com:* attachment.fbsbx.com https://ajax.googleapis.com https://*.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

(anonymous) @ plugins.php:1363
about:blank:1 Refused to display 'https://domain/wp-admin/plugin-install.php?tab=plugin-information&plugin=http-headers&' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2 Uncaught DOMException: Blocked a frame with origin "https://Thanks for the great support, as a beginner, this is not so easy.at" from accessing a cross-origin frame.

    at contents (https:// domain /wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2:26829)

    at Function.map (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2:3637)

    at a.fn.init.n.fn.<computed> [as contents] (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2:26909)

    at b (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,jquery-ui-widget,jquery-ui-mouse,jquery-ui-resizable,jquery-ui-draggable,jquery-ui-button,jquery-ui&load%5B%5D=-position,jquery-ui-dialog,thickbox,underscore,wp-util,wp-a11y,updates,plugin-install,svg-painter&ver=5.2.2:425:87)

    at HTMLBodyElement.<anonymous> (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,jquery-ui-widget,jquery-ui-mouse,jquery-ui-resizable,jquery-ui-draggable,jquery-ui-button,jquery-ui&load%5B%5D=-position,jquery-ui-dialog,thickbox,underscore,wp-util,wp-a11y,updates,plugin-install,svg-painter&ver=5.2.2:425:1297)
    at HTMLBodyElement.dispatch (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:12369)
    at HTMLBodyElement.r.handle (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:9088)
    at Object.trigger (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:11488)
    at Object.a.event.trigger (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:8:8275)
    at HTMLDivElement.<anonymous> (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:18865)
.at" from accessing a cross-origin frame.

    at contents (https:// domain /wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2:26829)

    at Function.map (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2:3637)

    at a.fn.init.n.fn.<computed> [as contents] (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2:26909)

    at b (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,jquery-ui-widget,jquery-ui-mouse,jquery-ui-resizable,jquery-ui-draggable,jquery-ui-button,jquery-ui&load%5B%5D=-position,jquery-ui-dialog,thickbox,underscore,wp-util,wp-a11y,updates,plugin-install,svg-painter&ver=5.2.2:425:87)

    at HTMLBodyElement.<anonymous> (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,jquery-ui-widget,jquery-ui-mouse,jquery-ui-resizable,jquery-ui-draggable,jquery-ui-button,jquery-ui&load%5B%5D=-position,jquery-ui-dialog,thickbox,underscore,wp-util,wp-a11y,updates,plugin-install,svg-painter&ver=5.2.2:425:1297)
    at HTMLBodyElement.dispatch (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:12369)
    at HTMLBodyElement.r.handle (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:9088)
    at Object.trigger (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:11488)
    at Object.a.event.trigger (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:8:8275)
    at HTMLDivElement.<anonymous> (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:18865)