LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   How to solve Content-Security-Policy and Permissions-Policy? (https://www.linuxquestions.org/questions/linux-server-73/how-to-solve-content-security-policy-and-permissions-policy-4175690732/)

n00b_noob 02-18-2021 06:45 AM
How to solve Content-Security-Policy and Permissions-Policy?
 
2 Attachment(s)
Hello,
I have a WordPress website and checked it with https://securityheaders.com/ website and it show me an error about “Content Security Policy (CSP)” and "Permissions-Policy" headers. I changed my Apache configuration and added below line to it:
Code:
Header set Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"
But, problem not solved. Chromium show me some issues.
How can I solve it?

Thank you.

n00b_noob 02-20-2021 12:45 AM
Hello,
Any idea about it?
To solve "Permissions-Policy", I added below line to "httpd.conf" and it solved:
Code:
Header always set Permissions-Policy "geolocation=();midi=();notifications=();push=();sync-xhr=();microphone=();camera=();magnetometer=();gyroscope=();speaker=(self);vibrate=();fullscreen=(self);payment=();"

n00b_noob 02-21-2021 03:56 AM
I added below line to "httpd.conf" to solve "Content-Security-Policy", but my website messed up:
Code:
Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"
Why?

n00b_noob 02-27-2021 04:21 AM
1 Attachment(s)
Thank you.
When I added above line then the Chromium Developer Tools show:

Attachment 35732

This is my problem and I don't know how to solve it!


All times are GMT -5. The time now is 09:43 AM.