• Hello, I have a strange problem when NinjaFirewall is activated in WP 7.0+ When I create a new post, the content field cannot is missing. I cannot add a title and content. If I deactivate NinjaF, there is no problem.

    I had the same problem, but only when editing blocks compositions, with WP 6.9+ (and maybe previous version.

    And last strange thing : I have no problem with my test site (same webhoster). So it does not work only for my sites in production.

    I’ve tried with all plugins deactivated and default theme.

    • This topic was modified 3 days, 19 hours ago by Li-An.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor bruandet

    (@bruandet)

    Do you see anything in the firewall log? Any blocked requests (e.g. admin AJAX, REST API etc)?

    Check also your browser’s console when trying to edit the post : CTRL + shift + j. That could be a JS problem related to the Firewall Policies > Advanced Policies > HTTP response headers.

    Thread Starter Li-An

    (@li-an)

    Thanks for your quick answer. Deactivating Set Content-Security-Policy for the WordPress admin dashboard does the trick.

    If I look at the Console, I have

    Loading the stylesheet ‘https://fonts.bunny.net/css?family=Roboto:400,500,700’ violates the following Content Security Policy directive: “style-src ‘self’ ‘unsafe-inline’ *.googleapis.com *.google.com *.jquery.com”. Note that ‘style-src-elem’ was not explicitly set, so ‘style-src’ is used as a fallback. The action has been blocked.


    Framing ‘blob:https://www.li-an.fr/d457286f-aeca-485a-aeee-c12c1502ae44’ violates the following Content Security Policy directive: “child-src ‘self’ *.videopress.com *.google.com”. The request has been blocked. Note that ‘frame-src’ was not explicitly set, so ‘child-src’ is used as a fallback.

    101.js:1 Loading the script ‘https://js.stripe.com/clover/stripe.js’ violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ *.videopress.com *.google.com *.wp.com”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback. The action has been blocked.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.