LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page How to solve Content-Security-Policy and Permissions-Policy?
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 02-18-2021, 06:45 AM   #1
n00b_noob
Member
 
Registered: Sep 2020
Posts: 436

Rep: Reputation: Disabled
Post How to solve Content-Security-Policy and Permissions-Policy?

Hello,
I have a WordPress website and checked it with https://securityheaders.com/ website and it show me an error about “Content Security Policy (CSP)” and "Permissions-Policy" headers. I changed my Apache configuration and added below line to it:
Code:
Header set Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"
But, problem not solved. Chromium show me some issues.
How can I solve it?

Thank you.
Attached Thumbnails
Click image for larger version Name: 1.png Views: 28 Size: 13.4 KB ID: 35657   Click image for larger version Name: 2.png Views: 27 Size: 42.1 KB ID: 35658  
 
Old 02-20-2021, 12:45 AM   #2
n00b_noob
Member
 
Registered: Sep 2020
Posts: 436

Original Poster
Rep: Reputation: Disabled
Hello,
Any idea about it?
To solve "Permissions-Policy", I added below line to "httpd.conf" and it solved:
Code:
Header always set Permissions-Policy "geolocation=();midi=();notifications=();push=();sync-xhr=();microphone=();camera=();magnetometer=();gyroscope=();speaker=(self);vibrate=();fullscreen=(self);payment=();"
Last edited by n00b_noob; 02-20-2021 at 12:51 AM.
 
Old 02-21-2021, 03:56 AM   #3
n00b_noob
Member
 
Registered: Sep 2020
Posts: 436

Original Poster
Rep: Reputation: Disabled
I added below line to "httpd.conf" to solve "Content-Security-Policy", but my website messed up:
Code:
Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"
Why?
 
Old 02-27-2021, 04:21 AM   #4
n00b_noob
Member
 
Registered: Sep 2020
Posts: 436

Original Poster
Rep: Reputation: Disabled
Thank you.
When I added above line then the Chromium Developer Tools show:

Click image for larger version Name: Issues.png Views: 50 Size: 51.5 KB ID: 35732

This is my problem and I don't know how to solve it!
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Configure my Redhat directory server password policy and account lockout policy arunplanet Linux - Newbie 4 10-06-2012 08:59 AM
Creating a Safer Web with Content Security Policy win32sux Linux - Security 1 03-22-2011 12:00 PM
how to solve solve broken shell problem prasanth.george Red Hat 1 01-21-2011 09:48 AM
How to set the password policy and lockout policy bin_shell Linux - Security 4 03-24-2010 03:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 03:00 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration