content security policy with WP page

  • We are trying to create a CSP, but this one seems to be unresolvable since it’s actually WP.

    a11y.min.js is calling some CSS, which makes it embedded. CSP does not allow this. The url is:

    /wp-includes/js/dist/a11y.min.js?ver=somelettersandnumbers

    The browser error message is:

    a11y.min.js?ver=d90eebea464f6c09bfd5:2 [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: “style-src?https://pro.fontawesome.com?https://kit.fontawesome.com?‘nonce-73f1a0225eff2’ ‘report-sample’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-NE3gBSsVG0IdyINKOXv7oH’), or a nonce (‘nonce-…’) is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the ‘unsafe-hashes’ keyword is present.

    Is there anything we can do?

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.

Tags