Kan script tag niet laten werken in landing pages plugin vanwege content-security-policy

Ondersteuning
1

inline js script tag wordt niet geladen vanwege csp en ik weet niet hoe ik het moet oplossen.

2 likes
2

There’s some information in this post that may help: Mitigate XSS Attacks with Content Security Policy

1 like
3

Ik heb dat en andere gelezen, maar kan niet achterhalen hoe ik de uitzondering daadwerkelijk moet toevoegen aan de content_security_policy_script_src.

1 like
4

Do you see an error concerning the script in your browser console? something like this?

A red error message in a web browser details a security policy violation preventing inline script execution, referencing directives and required keywords like 'unsafe-inline' or a nonce for enabling the script. (Captioned by AI)
A red error message in a web browser details a security policy violation preventing inline script execution, referencing directives and required keywords like 'unsafe-inline' or a nonce for enabling the script. (Captioned by AI)1280×132 27.9 KB

You’ll want to add that provided hash ('sha256-xxxxx') to the “content security policy script src” setting found in admin > all site settings

1 like
5

De fout die ik kreeg had nonce-s0m3h4sh in de Firefox-browser, ik kreeg de sha256-s0m3h4sh niet. Maar toen ik het net in Chrome bekeek, was het de sha256-versie. Ik vermoed dat dat de oorzaak was van de meeste verwarring.

2 likes
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.