Title: JavaScript issues affecting WordPress 4.7.4 Last modified: May 7, 2017 --- # JavaScript issues affecting WordPress 4.7.4 * Resolved [martyno](https://wordpress.org/support/users/martyno/) * (@martyno) * [9 years ago](https://wordpress.org/support/topic/javascript-issues-affecting-wordpress-4-7-4/) * Since updating to WordPress 4.7.4, many aspects of my site have had some significant issues with JavaScript, which impacts on functionality. The most noticeable issues are: * Featured images on main page not showing correctly Unable to install themes, or amend widgets Layout of Twitter Widget Pro content not correctly rendered Unable to edit CSS of site elements * Steps I took to remedy: * Disabled all plugins Cleared browser cache Disabled all browser extensions Tried alternative browser Tried alternative browser on alternative machine Reinstalled version 4.7.4 Manually reinstalled version 4.7.4 * Nothing is able to prevent these issues. Something appears to be up with JavaScript in version 4.7.4 * Examples of the issues are seen [here.](https://imgur.com/a/JbdCV) Viewing 6 replies - 1 through 6 (of 6 total) * [sinip](https://wordpress.org/support/users/sinip/) * (@sinip) * [9 years ago](https://wordpress.org/support/topic/javascript-issues-affecting-wordpress-4-7-4/#post-9106030) * Probably noone will be able to come up with any usable advice before your website can be looked at… Especially since 4.7.4 in general cooperates perfectly well with JS. * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [9 years ago](https://wordpress.org/support/topic/javascript-issues-affecting-wordpress-4-7-4/#post-9106045) * Please provide a link to a page on your site where we can see this. Thanks. * Thread Starter [martyno](https://wordpress.org/support/users/martyno/) * (@martyno) * [9 years ago](https://wordpress.org/support/topic/javascript-issues-affecting-wordpress-4-7-4/#post-9106090) * Hi Steve, * Most of the issues affect the admin area, however my site is at [https://www.martynoconnor.net](https://www.martynoconnor.net) * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [9 years ago](https://wordpress.org/support/topic/javascript-issues-affecting-wordpress-4-7-4/#post-9106104) * I see a ton of errors on your home page in the error console. Are you setting specific content policy rules? Check with your host. * ``` Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-1x6PPKXnzEpPMuWlXM6HIdlCpymkX2DlxiOdPyE3C1k='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. www.martynoconnor.net/:172 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-OyKg6OHgnmapAcgq002yGA58wB21FOR7EcTwPWSs54E='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. www.martynoconnor.net/:188 Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Alegreya:400|Lato:400' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. www.martynoconnor.net/:190 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-3CotmZsU7tVPRXqpzeifmbi9CLJ93ed5BGbG/+jANv8='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. jquery-migrate.js:23 JQMIGRATE: Migrate is installed with logging active, version 1.4.1 www.martynoconnor.net/:200 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-7Bj5aw/GNYfygQ9YztReZ9I1OibXiF7SPBCorSSTJjs='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. ytprefs.js:203 Refused to load the script 'https://www.youtube.com/iframe_api' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. (anonymous) @ ytprefs.js:203 www.martynoconnor.net/:219 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-ByuPMwRqotcuD1ZobM5RaRb+1UY4gIlbCP5ly4BVu+E='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. www.martynoconnor.net/:274 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. www.martynoconnor.net/:527 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. www.martynoconnor.net/:1 Refused to load the image 'https://i2.wp.com/www.martynoconnor.net/wp-content/uploads/2017/04/perfect-flight-trip.png?w=1260' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback. www.martynoconnor.net/:1 Refused to load the image 'https://i0.wp.com/www.martynoconnor.net/wp-content/uploads/2017/04/Carl-Sagan-portrait-590x295.png?resize=590%2C295' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback. everything-spritev2.png Failed to load resource: the server responded with a status of 404 (Not Found) www.martynoconnor.net/:1 Refused to load the script 'https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201718' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. spin.js:42 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. ins @ spin.js:42 www.martynoconnor.net/:540 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-8g1K+6GLdh3uwCBiX6Y613m4qalG5lIQOpEew5Ew2aU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. www.martynoconnor.net/:1 Refused to load the script 'https://platform.twitter.com/widgets.js?ver=1.0.0' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. www.martynoconnor.net/:1 Refused to load the script 'https://stats.wp.com/e-201718.js' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. www.martynoconnor.net/:548 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-dNwvsf1ykVcw9ygR+xbmjG/m2teN7H0ELrjA9Fzi3c8='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. fitvids.js:24 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-anQSeQoEnQnBulZOQkDOFf+e6xBIGmqh7M8YFT992co='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. $.fn.fitVidsEP @ fitvids.js:24 jetpack-carousel.js:1461 Uncaught ReferenceError: jetpackCarouselStrings is not defined at HTMLDocument. (jetpack-carousel.js:1461) at i (jquery.js:2) at Object.fireWith [as resolveWith] (jquery.js:2) at Function.ready (jquery.js:2) at HTMLDocument.K (jquery.js:2) /favicon.ico Failed to load resource: the server responded with a status of 404 (Not Found) 4ytprefs.js:150 YT API init jquery.js:4 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. attr @ jquery.js:4 www.martynoconnor.net/:1 Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Alegreya:400|Lato:400' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. ``` * [sinip](https://wordpress.org/support/users/sinip/) * (@sinip) * [9 years ago](https://wordpress.org/support/topic/javascript-issues-affecting-wordpress-4-7-4/#post-9106107) * Well, here you have it… * ``` HTML1300: Navigation occurred. www.martynoconnor.net CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline script. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://fonts.googleapis.com/css?family=Alegreya:400|Lato:400. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline script. Resource will be blocked. JQMIGRATE: Migrate is installed with logging active, version 1.4.1 jquery-migrate.js (23,2) CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline script. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://www.youtube.com/iframe_api. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://i2.wp.com/www.martynoconnor.net/wp-content/uploads/2017/04/perfect-flight-trip.png?w=1260. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://i0.wp.com/www.martynoconnor.net/wp-content/uploads/2017/04/Carl-Sagan-portrait-590x295.png?resize=590%2C295. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked. HTTP404: NOT FOUND - The server has not found anything matching the requested URI (Uniform Resource Identifier). GET - https://www.martynoconnor.net/wp-content/themes/me/everything-spritev2.png CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201718. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline script. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://platform.twitter.com/widgets.js?ver=1.0.0. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: https://stats.wp.com/e-201718.js. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline script. Resource will be blocked. SCRIPT5009: 'jetpackCarouselStrings' is undefined jetpack-carousel.js (1461,2) CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked. CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: inline style. Resource will be blocked. YT API init ytprefs.js (150,29) YT API init ytprefs.js (150,29) YT API init ytprefs.js (150,29) YT API init ytprefs.js (150,29) ``` * JetPack seems to be involved. * Thread Starter [martyno](https://wordpress.org/support/users/martyno/) * (@martyno) * [9 years ago](https://wordpress.org/support/topic/javascript-issues-affecting-wordpress-4-7-4/#post-9106177) * Thanks guys, that’s helped me track it down. My Content Security Policy was too strict! Confirmed that this is not a bug with WordPress, it was my Apache config that was too strict, causing failures in Jetpack elements that call elsewhere. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘JavaScript issues affecting WordPress 4.7.4’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 6 replies * 3 participants * Last reply from: [martyno](https://wordpress.org/support/users/martyno/) * Last activity: [9 years ago](https://wordpress.org/support/topic/javascript-issues-affecting-wordpress-4-7-4/#post-9106177) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics