Site Health fails and reports no Javascript

  • Just upgraded to v. 6.1.1. Many links are now broken. Plugins cannot upgrade. Notification screens are blank. When site health is launched it says “The Site Health check requires JavaScript.” Excuse me! Of course JS is enabled. We have turned off all plugins cleared .htaccess and user.ini, set current default theme and turned off Mod Sec on host. No resolution. Just trying to upgrade WordFence. Why so hard???

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hello @bizarr0,

    Since you mentioned JS is enabled, I would suggest checking the same functionality with a different browser, or from a private tab. It’s probably happening due to browser issues or conflicts with extensions enabled on the browser.

    Hope it helps.

    Thread Starter bizarr0

    (@bizarr0)

    Thanks Ranjana:

    This is happening in all browsers/platforms and with all WP backend functions. I began to suspect that it had to do with CSP and yep, here it tis. But all plugins are turned off and Mod Sec is truned for this site on the surever. Yet:

    Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-hUtKpukeE8HPmndbA+rgMIaVUwe2ix+vFY9t0pKDjeY='), or a nonce ('nonce-...') is required to enable inline execution.

post.php:1911 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-tktwdtprAyK6c5CyG4KxFjn2/c2fLfQKbrHfaoUESOw='), or a nonce ('nonce-...') is required to enable inline execution.

post.php:1973 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-YW9rA+oaPcT7oFs4Yy/NhmTQP0m6wFlpl1a3yGY92OM='), or a nonce ('nonce-...') is required to enable inline execution.

post.php:2024 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-60Y5SZryMP/67Q/k36LVBXH6SBee31fcbdC5y8D7RYw='), or a nonce ('nonce-...') is required to enable inline execution.

    Go figure! guess I will have to become expert at yet another obscure protocol just to keep WP alive.

    Thread Starter bizarr0

    (@bizarr0)

    We have now resolved this issue. It required that the site domain be moved from a sub-domain alias to an addon/parked domain on the server with its own docroot. Otherwise it would inherit the primary domain security directives (Mod Sec). These directives are not compatible with WP. Be aware that this could well happen on other sites depending upon the domains position in the site heirarchy. This hasn’t been a problem until recently because most mainstream browsers are now strictly enforcing Content Security Policies. It will happen again.

    Thx

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Site Health fails and reports no Javascript’ is closed to new replies.