CSP Issue in WordPress with No Unsafe Inline Plugin & .htaccess
Hello everyone, I’m experiencing an issue with Content Security Policy (CSP) in WordPress while using the No Unsafe Inline plugin.

Issue:
- When I enable CSP Protection in the plugin, the only policy that appears is upgrade-insecure-requests.
- However, when using Report-Only mode, all CSP rules appear correctly.
- I also tried applying CSP rules in .htaccess, but when CSP Protection is active, they do not show up.

My CSP configuration in .htaccess:
Header set Content-Security-Policy "default-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://secure.gravatar.com https://cdn.amcharts.com; script-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://cdn.amcharts.com; style-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com; img-src 'self' data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://secure.gravatar.com; font-src 'self' https://*.gstatic.com data:; connect-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com maps.google.com; worker-src 'self' blob:; form-action 'self';"

What I’ve tried:
- Checked Network → Headers in DevTools → CSP rules are visible in Report-Only mode, but when CSP Protection is enabled, only upgrade-insecure-requests appears.
- Cleared WordPress & browser cache.
- Disabled caching plugins like LiteSpeed & WP Rocket.
- Removed CSP rules from .htaccess to test whether the plugin is applying them correctly.

Questions:
1. Why do all CSP rules appear in Report-Only mode, but when CSP Protection is enabled, only upgrade-insecure-requests is applied?
2. Could there be a conflict between the CSP settings in .htaccess and the No Unsafe Inline plugin?
3. How can I ensure that CSP rules from the plugin are being properly applied without being overridden?

Any insights would be greatly appreciated. Thank you.
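
The DevTools header check described in the post can be repeated in a script. This is an added example, not part of the original post and not the plugin's code: it separates enforced from report-only CSP policies in a set of response headers and lists which directives of the intended policy are absent from each. The header lines and the shortened policy are constructed sample input, and the function names are hypothetical.

```javascript
// Constructed sample: response headers as copied from DevTools (not real site output).
const SAMPLE_HEADERS = [
  "Content-Type: text/html; charset=UTF-8",
  "Content-Security-Policy: upgrade-insecure-requests",
  "Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' https://*.gstatic.com; object-src 'none'",
].join("\n");

// Intended policy, shortened from the .htaccess line in the post (assumption: 4 directives suffice).
const INTENDED =
  "default-src 'self'; script-src 'self' https://*.gstatic.com; object-src 'none'; form-action 'self';";

// Parse one serialized policy into a Map of directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // trailing ";" leaves an empty part
    const name = tokens[0].toLowerCase();
    // A repeated directive inside one policy is ignored; keep the first.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Collect every CSP policy; a response can carry several headers, and one
// header value can hold several comma-separated policies.
function collectCsp(rawHeaders) {
  const found = { enforced: [], reportOnly: [] };
  for (const line of rawHeaders.split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx < 0) continue;
    const name = line.slice(0, idx).trim().toLowerCase();
    const policies = line.slice(idx + 1).split(",").map(parsePolicy).filter((p) => p.size > 0);
    if (name === "content-security-policy") found.enforced.push(...policies);
    if (name === "content-security-policy-report-only") found.reportOnly.push(...policies);
  }
  return found;
}

// Directives of the intended policy that none of the given policies contains.
function missingDirectives(intended, policies) {
  return [...parsePolicy(intended).keys()].filter((d) => !policies.some((p) => p.has(d)));
}

const seen = collectCsp(SAMPLE_HEADERS);
console.log("enforced policies:", seen.enforced.map((p) => [...p.keys()]));
console.log("missing when enforced:", missingDirectives(INTENDED, seen.enforced));
console.log("missing in report-only:", missingDirectives(INTENDED, seen.reportOnly));
```

Replace the sample with the headers copied from the real response to see whether the full policy is absent from the enforced header or delivered only as report-only.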