Content Security Policy Error

  • Resolved Damienov

    (@damienov)


    3 years, 10 months ago

    After the latest update (2.1.3) I received this content error warning in chrome

    Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.htm

    – HTTP Strict Transport Security policy = currently On. Tried turning it Off, error persist
    – X-Frame-Options = Off
    – X-XSS-Protection = Off
    – X-Content-Type-Options = Off
    – HTTP Public Key Pinning = Off
    – Referrer Policy = Off
    – Content Security Policy = Off (all policy field empty)
    – Not Using any CDN

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hello @damienov

    I am sorry about the issue you are experiencing and I am happy to assist you with this.
    Can you please temporarily disable the Browser Cache in Performance>General settings, save all settings and purge the cache, and see if the issue persists?
    Thanks!

    Thread Starter Damienov

    (@damienov)

    That did the trick, thanks

    Although purging cache on a site with a lot of posts sent me to 404 page on the front page when clearing the cache

    I have to manually delete enhanced page cache folder & files manually on the server first, only then I wont get thrown to the 404 page when clearing the cache

    Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hello @damienov

    Thank you for the info.
    If there is a lot of files and depending on the server resources, you may need to delete the files manually.
    The issue is most likely with the CSP as the error suggests. So you may have some custom rules or rules on your server and it may be causing conflict. However, it’s strange since you mentioned that frame-src: filed is empty and CSP is disabled.
    I would suggest to re-enable Browser Cache and disable each setting in the Security headers section on the Browser Cache page, and of course, save all settings and purge the cache to see which setting may be responsible.
    Thanks!

    Thread Starter Damienov

    (@damienov)

    alright, at least the front end CSP error is gone for now

    • This reply was modified 3 years, 9 months ago by Damienov.
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Content Security Policy Error’ is closed to new replies.