CSP strange bevavior

  • Resolved Laser Ulm

    (@laser1ulm)


    4 years, 8 months ago

    Hi!

    I have a problem with the Content Security Policy.
    I have it in the .htaccess and excluding object-src everything is ‘self’ and data: plus different image sources and Paypal and Amazon Pay…

    Everything looks ok but cart, checkout and My Account.
    There suddenly at the very top is a white field with title and subtitle of the page, the design of the menu disappears and the social media buttons in a widget are too big.
    Also the buttons and tables in checkout are not correct (and the link colors…).

    You can see it in my test installation: https://bkupursu.laser-ulm.eu/

    If I comment Header set Content-Security-Policy out in the .htaccess everything looks fine.

    Any ideas?

    Thank you and kind regards
    Laser

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support B C. a11n

    (@battouly)

    4 years, 8 months ago

    Hi @laser1ulm,

    I visited the link https://bkupursu.laser-ulm.eu/ and noticed the following:

    Link to image: https://d.pr/08QDyZ

    It looks like you would like to have it display without that section and look like this:

    Link to image: https://d.pr/i/VlQ187

    If this is what you want to see, you can simply make use of custom CSS code to hide the header from the frontend and not touch the HTTP Content-Security-Policy. It is important for your site to have the CSP as an added security layer.

    You can use the code below and add it to the Additional CSS section in the Customizer, then publish. 

    
.site-header-inner {
    display: none;
}

    I hope this helps. Let me know if there’s something I missed.

    Thread Starter Laser Ulm

    (@laser1ulm)

    4 years, 8 months ago

    Hi @battouly!

    Thank you.
    But that doesn’t change a thing – I already made this in WordPress theme, see the start page.
    And compare the menu between the backup and live version or between the New-site and cart site.

    ! This is only on sites with WooCommerce. Compare it with News or ursu. That’s why I guess that WC changes something when CSP is enabled… I’m really confused… !

    Also the social media buttons (look normal in News and ursu). And in checkout (you have to put sth into cart, but you don’t have to buy^^) the additional text for example for direct banking. Normally this only shows up when you choose direct banking (also only with enabled CSP).

    It’s definitly a correlation between WC and CSP.

    Thanks and regards
    Laser

    Mirko P.

    (@rainfallnixfig)

    4 years, 8 months ago

    Hi @laser1ulm,

    Just so you know, WooCommerce does not control the style of your site. It’s the theme you’re using that controls the styling. Having said that, you’d want to reach out to your theme authors to fix any related style issue you may encounter or get in contact with a customization expert https://woocommerce.com/customizations/.

    On this forum, we provide support for WooCommerce core functionality. For not complex fixes, we’re also able to provide CSS code but most of the time theme developers are best positioned to assist with that.

    Hope this clarifies.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘CSP strange bevavior’ is closed to new replies.