JavaScript issues affecting WordPress 4.7.4

  • Resolved martyno

    (@martyno)


    9 years ago

    Since updating to WordPress 4.7.4, many aspects of my site have had some significant issues with JavaScript, which impacts on functionality. The most noticeable issues are:

    Featured images on main page not showing correctly
    Unable to install themes, or amend widgets
    Layout of Twitter Widget Pro content not correctly rendered
    Unable to edit CSS of site elements

    Steps I took to remedy:

    Disabled all plugins
    Cleared browser cache
    Disabled all browser extensions
    Tried alternative browser
    Tried alternative browser on alternative machine
    Reinstalled version 4.7.4
    Manually reinstalled version 4.7.4

    Nothing is able to prevent these issues. Something appears to be up with JavaScript in version 4.7.4

    Examples of the issues are seen here.

Viewing 6 replies - 1 through 6 (of 6 total)
  • sinip

    (@sinip)

    9 years ago

    Probably noone will be able to come up with any usable advice before your website can be looked at… Especially since 4.7.4 in general cooperates perfectly well with JS.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    9 years ago

    Please provide a link to a page on your site where we can see this. Thanks.

    Thread Starter martyno

    (@martyno)

    9 years ago

    Hi Steve,

    Most of the issues affect the admin area, however my site is at https://www.martynoconnor.net

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    9 years ago

    I see a ton of errors on your home page in the error console. Are you setting specific content policy rules? Check with your host.

    Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-1x6PPKXnzEpPMuWlXM6HIdlCpymkX2DlxiOdPyE3C1k='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

www.martynoconnor.net/:172 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-OyKg6OHgnmapAcgq002yGA58wB21FOR7EcTwPWSs54E='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

www.martynoconnor.net/:188 Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Alegreya:400|Lato:400' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

www.martynoconnor.net/:190 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-3CotmZsU7tVPRXqpzeifmbi9CLJ93ed5BGbG/+jANv8='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

jquery-migrate.js:23 JQMIGRATE: Migrate is installed with logging active, version 1.4.1
www.martynoconnor.net/:200 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-7Bj5aw/GNYfygQ9YztReZ9I1OibXiF7SPBCorSSTJjs='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

ytprefs.js:203 Refused to load the script 'https://www.youtube.com/iframe_api' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

(anonymous) @ ytprefs.js:203
www.martynoconnor.net/:219 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-ByuPMwRqotcuD1ZobM5RaRb+1UY4gIlbCP5ly4BVu+E='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

www.martynoconnor.net/:274 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

www.martynoconnor.net/:527 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

www.martynoconnor.net/:1 Refused to load the image 'https://i2.wp.com/www.martynoconnor.net/wp-content/uploads/2017/04/perfect-flight-trip.png?w=1260' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

www.martynoconnor.net/:1 Refused to load the image 'https://i0.wp.com/www.martynoconnor.net/wp-content/uploads/2017/04/Carl-Sagan-portrait-590x295.png?resize=590%2C295' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

everything-spritev2.png Failed to load resource: the server responded with a status of 404 (Not Found)
www.martynoconnor.net/:1 Refused to load the script 'https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201718' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

spin.js:42 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

ins @ spin.js:42
www.martynoconnor.net/:540 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-8g1K+6GLdh3uwCBiX6Y613m4qalG5lIQOpEew5Ew2aU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

www.martynoconnor.net/:1 Refused to load the script 'https://platform.twitter.com/widgets.js?ver=1.0.0' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

www.martynoconnor.net/:1 Refused to load the script 'https://stats.wp.com/e-201718.js' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

www.martynoconnor.net/:548 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-dNwvsf1ykVcw9ygR+xbmjG/m2teN7H0ELrjA9Fzi3c8='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

fitvids.js:24 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-anQSeQoEnQnBulZOQkDOFf+e6xBIGmqh7M8YFT992co='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

$.fn.fitVidsEP @ fitvids.js:24
jetpack-carousel.js:1461 Uncaught ReferenceError: jetpackCarouselStrings is not defined
    at HTMLDocument.<anonymous> (jetpack-carousel.js:1461)
    at i (jquery.js:2)
    at Object.fireWith [as resolveWith] (jquery.js:2)
    at Function.ready (jquery.js:2)
    at HTMLDocument.K (jquery.js:2)
/favicon.ico Failed to load resource: the server responded with a status of 404 (Not Found)
4ytprefs.js:150 YT API init
jquery.js:4 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

attr @ jquery.js:4
www.martynoconnor.net/:1 Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Alegreya:400|Lato:400' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
    sinip

    (@sinip)

    9 years ago

    Well, here you have it…

    HTML1300: Navigation occurred.
www.martynoconnor.net
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline script. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://fonts.googleapis.com/css?family=Alegreya:400|Lato:400. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline script. Resource will be blocked.
JQMIGRATE: Migrate is installed with logging active, version 1.4.1
jquery-migrate.js (23,2)
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline script. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://www.youtube.com/iframe_api. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://i2.wp.com/www.martynoconnor.net/wp-content/uploads/2017/04/perfect-flight-trip.png?w=1260. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://i0.wp.com/www.martynoconnor.net/wp-content/uploads/2017/04/Carl-Sagan-portrait-590x295.png?resize=590%2C295. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked.
HTTP404: NOT FOUND - The server has not found anything matching the requested URI (Uniform Resource Identifier).
GET - https://www.martynoconnor.net/wp-content/themes/me/everything-spritev2.png
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201718. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline script. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://platform.twitter.com/widgets.js?ver=1.0.0. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://stats.wp.com/e-201718.js. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline script. Resource will be blocked.
SCRIPT5009: 'jetpackCarouselStrings' is undefined
jetpack-carousel.js (1461,2)
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked.
YT API init
ytprefs.js (150,29)
YT API init
ytprefs.js (150,29)
YT API init
ytprefs.js (150,29)
YT API init
ytprefs.js (150,29)

    JetPack seems to be involved.

    Thread Starter martyno

    (@martyno)

    9 years ago

    Thanks guys, that’s helped me track it down. My Content Security Policy was too strict! Confirmed that this is not a bug with WordPress, it was my Apache config that was too strict, causing failures in Jetpack elements that call elsewhere.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘JavaScript issues affecting WordPress 4.7.4’ is closed to new replies.