Content Security Policy

  • Resolved George wp-website-mastery

    (@lernerconsult)


    5 years, 7 months ago

    What Content Security Policy line needs to be updated to allow reading https://updates.sgvps.net/supported-versions.json ?
    Better, of course, is to include the data at the server, no separate request.

    Even adding updates.sgvps.net to the default-src section of my CSP in .htaccess has no effect on this error. So, I am guessing it would require an ‘unsafe-inline’ in the CSP; defeats the point of using a CSP.

    
Content Security Policy: The page’s settings blocked the loading of a resource at https://updates.sgvps.net/supported-versions.json (“default-src”).

    With this file not getting loaded, the SG Optimizer page shows content briefly then all content in <div id=”sg-optimizer-app”> disappears. 

    
<div id="sg-optimizer-app"></div>

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Stanimir Stoyanov

    (@sstoqnov)

    SiteGround Representative

    5 years, 7 months ago

    Hey @lernerconsult,

    You have Content Security Policy rules in your htaccess, which block the request to our PHP supported versions file.

    Removing those lines fixes the issue.

    Regards,
    Stanimir

    Thread Starter George wp-website-mastery

    (@lernerconsult)

    5 years, 7 months ago

    Got it Working.

    I couldn’t trace what part of the CSP to modify.

    Put updates.sgvps.net in Each section of the CSP, in public_html/.htaccess and it was blocked.

    Firefox Developer Tools, and the Chromium Inspector, show a CSP for that file that is very different than I usually see; very different than what I had just been editing.

    Found public_html/wp-admin/.htaccess had a CSP, very incomplete, deleted it.

    Now Firefox and Chrome say a normal “connect-src” instead of failing “default-src”.

    Chromium Inspector says Refused to connect to 'https://updates.sgvps.net/supported-versions.json' because it violates the following Content Security Policy directive: connect-src

    Add updates.sgvps.net to the connect-src section and the plugin works as expected.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Content Security Policy’ is closed to new replies.