Title: Plugin script blocked when using a strict content security policy
Last modified: May 15, 2026

---

# Plugin script blocked when using a strict content security policy

 *  Resolved [jhagedorn1](https://wordpress.org/support/users/jhagedorn1/)
 * (@jhagedorn1)
 * [1 week ago](https://wordpress.org/support/topic/plugin-script-blocked-when-using-a-strict-content-security-policy/)
 * Hello, I am applying a strict content security policy (CSP) to my WordPress sites
   using the [Strict CSP plugin](https://wordpress.org/plugins/strict-csp/).
   This
   small block of JavaScript in the PublishPress Permissions plugin is getting blocked
   on all the site’s front-end pages in browsers when the Strict CSP plugin is active:
 *     ```wp-block-code
       <script type="text/javascript">  document.querySelectorAll("ul.nav-menu").forEach(    ulist => {      if (ulist.querySelectorAll("li").length == 0) {        ulist.style.display = "none";      }    }  );</script>
       ```
   
 * In browser dev tools, a console error of the CSP violation and script block appears.
   Chrome, for example, starts with this: “Executing inline script violates the 
   following Content Security Policy directive …”.
 * All other plugin scripts in my sites are receiving the nonce required for the
   strict CSP, except for the one above from your plugin. This may be due to your
   plugin manually printing the script tag instead of using the WordPress helper
   functions, as described on the [Strict CSP plugin page](https://wordpress.org/plugins/strict-csp/).
 * Other than that method, if your plugin has another way to opt into a strict CSP,
   please let me know.
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fplugin-script-blocked-when-using-a-strict-content-security-policy%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 1 replies (of 1 total)

 *  Plugin Author [Steve Burge](https://wordpress.org/support/users/stevejburge/)
 * (@stevejburge)
 * [3 days, 14 hours ago](https://wordpress.org/support/topic/plugin-script-blocked-when-using-a-strict-content-security-policy/#post-18912642)
 * Thanks for the report [@jhagedorn1](https://wordpress.org/support/users/jhagedorn1/).
   In the short term, you can add `define('PRESSPERMIT_NO_NAV_MENU_SCRIPTS', true);`
   to `wp-config.php`
 * Longer term, we’ll fix this in the plugin: [https://github.com/publishpress/publishpress-permissions/issues/2345](https://github.com/publishpress/publishpress-permissions/issues/2345)

Viewing 1 replies (of 1 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fplugin-script-blocked-when-using-a-strict-content-security-policy%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/press-permit-core/assets/icon-256x256.png?rev=3409953)
 * [PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags](https://wordpress.org/plugins/press-permit-core/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/press-permit-core/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/press-permit-core/)
 * [Active Topics](https://wordpress.org/support/plugin/press-permit-core/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/press-permit-core/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/press-permit-core/reviews/)

## Tags

 * [CSP](https://wordpress.org/support/topic-tag/csp/)

 * 1 reply
 * 2 participants
 * Last reply from: [Steve Burge](https://wordpress.org/support/users/stevejburge/)
 * Last activity: [3 days, 14 hours ago](https://wordpress.org/support/topic/plugin-script-blocked-when-using-a-strict-content-security-policy/#post-18912642)
 * Status: resolved