Support » Plugin: HTTP Headers » Some mistakes, please help

  • Resolved bulls_shark

    (@bulls_shark)


    Hello, I have saved the Content Security Policy and now I cannot change anything in the plugin. What is causing this?

    Also, under Plugins I cannot retrieve the details for the plugin.

    And now I do not know whether I receive updates and notifications from Themeforest as well as from WordPress.

    Hope you can help me. Thank you.

    
    X-Frame-Options	- SAMEORIGIN
    X-XSS-Protection - 1; mode=block
    X-Content-Type-Options - nosniff
    Strict-Transport-Security- max-age=31536000; includeSubDomains; preload
    Referrer-Policy	- no-referrer
    Cookie security	✔ Secure ✔ HttpOnly ✔ SameSite - Strict
    Expect-CT - max-age=3600, report-uri="https://domain/reportOnly
    X-DNS-Prefetch-Control - on
    X-Download-Options - noopen
    X-Permitted-Cross-Domain-Policies - master-only
    Feature-Policy - camera 'none'; microphone 'none
    
    Content-Security-Policy	
    default-src 'self' blob: onesignal.com www.google-analytics.com twitter.com platform.twitter.com apis.google.com fonts.googleapis.com connect.facebook.net www.youtube.com accounts.google.com fonts.gstatic.com static.ak.facebook.com s-static.ak.facebook.com www.facebook.com ssl.gstatic.com soundcloud.com; 
    
    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.onesignal.com https://onesignal.com https://www.youtube-nocookie.com https://*.googleapis.com *.soundcloud.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* wss://*.facebook.com:* attachment.fbsbx.com https://ajax.googleapis.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://onesignal.com; 
    
    img-src 'self' https: https://onesignal.com https://img.youtube.com https://secure.gravatar.com https://s.w.org https://wordpress.org https://ps.w.org data:; 
    
    X-UA-Compatible -IE=edge,chrome=1
    X-Powered-By - Unset
    Connection - keep-alive
    connect-src 'self'; 
    font-src 'self' https://fonts.gstatic.com data;; 
    media-src 'self'; 
    form-action 'none'; 
    frame-ancestors 'none'; 
    object-src 'self'; 
    frame-src 'self' https://cdn.onesignal.com https://onesignal.com https://*.youtube.com https://w.soundcloud.com; 
    base-uri 'none'
    
  • bulls_shark

    (@bulls_shark)

    I receive the following error message

    
    lazyload.min.js:1 Refused to frame 'https://www.google.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://cdn.onesignal.com https://onesignal.com https://*.youtube.com https://w.soundcloud.com".
    
    a......js:3 JQMIGRATE: Migrate is installed, version 1.4.1
    connect.facebook.net/:1 Refused to frame 'https://staticxx.facebook.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://cdn.onesignal.com https://onesignal.com https://*.youtube.com https://w.soundcloud.com".
    
    connect.facebook.net/:1 Refused to frame 'https://www.facebook.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://cdn.onesignal.com https://onesignal.com https://*.youtube.com https://w.soundcloud.com".
    
    Plugin Author Dimitar Ivanov

    (@zinoui)

    Hi @bulls_shark

    The errors are pretty descriptive, just add those origins to your “frame-src” directive.

    bulls_shark

    (@bulls_shark)

    Hello, thanks, I totally overlooked that. Unfortunately it does not let me save the settings, and under Plugins (Plugin Details) the information is not loaded. Did I forget something here?

    bulls_shark

    (@bulls_shark)

    Error Log:

    
    Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL> data".
    
    plugins.php:1363 Refused to load the script 'https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.onesignal.com https://onesignal.com https://www.youtube-nocookie.com https://*.googleapis.com *.soundcloud.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* wss://*.facebook.com:* attachment.fbsbx.com https://ajax.googleapis.com https://*.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
    
    (anonymous) @ plugins.php:1363
    about:blank:1 Refused to display 'https://domain/wp-admin/plugin-install.php?tab=plugin-information&plugin=http-headers&' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
    load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2 Uncaught DOMException: Blocked a frame with origin "https://domain.at" from accessing a cross-origin frame.
    
        at contents (https:// domain /wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2:26829)
    
        at Function.map (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2:3637)
    
        at a.fn.init.n.fn.<computed> [as contents] (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:2:26909)
    
        at b (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,jquery-ui-widget,jquery-ui-mouse,jquery-ui-resizable,jquery-ui-draggable,jquery-ui-button,jquery-ui&load%5B%5D=-position,jquery-ui-dialog,thickbox,underscore,wp-util,wp-a11y,updates,plugin-install,svg-painter&ver=5.2.2:425:87)
    
        at HTMLBodyElement.<anonymous> (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,jquery-ui-widget,jquery-ui-mouse,jquery-ui-resizable,jquery-ui-draggable,jquery-ui-button,jquery-ui&load%5B%5D=-position,jquery-ui-dialog,thickbox,underscore,wp-util,wp-a11y,updates,plugin-install,svg-painter&ver=5.2.2:425:1297)
        at HTMLBodyElement.dispatch (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:12369)
        at HTMLBodyElement.r.handle (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:9088)
        at Object.trigger (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:11488)
        at Object.a.event.trigger (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:8:8275)
        at HTMLDivElement.<anonymous> (https:// domain.at/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-core&ver=5.2.2:3:18865)
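
Added example (not part of the thread, and not the plugin's code): the plugin author's advice to read the origins off the console errors, applied to messages of the kind posted above. It lists the origins to review per directive and flags the violations that adding an origin cannot fix. The `SAMPLE_LOG` lines are constructed from the thread's messages with the source lists abridged, and `parseViolation` and `reviewList` are hypothetical helper names.

```javascript
// Added example. SAMPLE_LOG is constructed from console messages quoted in
// this thread; the directive source lists are abridged.
const SAMPLE_LOG = [
  `lazyload.min.js:1 Refused to frame 'https://www.google.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://*.youtube.com".`,
  `connect.facebook.net/:1 Refused to frame 'https://staticxx.facebook.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://*.youtube.com".`,
  `plugins.php:1363 Refused to load the script 'https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".`,
  `Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' <URL> data".`,
  `about:blank:1 Refused to display 'https://domain/wp-admin/plugin-install.php' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".`,
  `JQMIGRATE: Migrate is installed, version 1.4.1`,
];

// Chrome's wording: Refused to <verb...> '<blocked URL>' ... directive: "<name> <sources>".
const VIOLATION = /Refused to [^']*'([^']*)'.*?directive: "([a-z-]+)([^"]*)"/;

function parseViolation(line) {
  const m = VIOLATION.exec(line);
  if (!m) return null; // not a CSP violation line
  return { blocked: m[1], directive: m[2], sources: m[3].trim().split(/\s+/).filter(Boolean) };
}

// Hypothetical helper: per directive, the origins to review and notes on
// violations that adding an origin cannot fix.
function reviewList(lines) {
  const out = {};
  for (const v of lines.map(parseViolation).filter(Boolean)) {
    const entry = (out[v.directive] = out[v.directive] || { add: [], notes: [] });
    if (v.sources.includes("data")) {
      entry.notes.push("bare 'data' is matched as a host name; the scheme source is 'data:'");
    }
    if (v.directive === "frame-ancestors") {
      // Governs who may embed the framed page, so the fix is on that page's policy.
      entry.notes.push(`${v.blocked} forbids framing; a same-origin dialog needs 'self'`);
      continue;
    }
    try {
      const origin = new URL(v.blocked).origin; // scheme + host + port only
      if (!entry.add.includes(origin)) entry.add.push(origin);
    } catch {
      entry.notes.push(`console hid the blocked URL (${v.blocked}); expand the message`);
    }
  }
  return out;
}

console.log(JSON.stringify(reviewList(SAMPLE_LOG), null, 2));
```

Each origin under `add` is a candidate to review before it goes into the policy, not an automatic allow-list entry.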
    
    bulls_shark

    (@bulls_shark)

    Thanks for the great support, as a beginner, this is not so easy

    bulls_shark

    (@bulls_shark)

    Thanks, I now have the right settings. Now I understand it. Thanks again for your time.

  • The topic ‘Some mistakes, please help’ is closed to new replies.