error: script-src directive is missing

  • Resolved dave8441

    (@dave8441)


    3 years, 5 months ago

    When I check my web pages in Lighthouse, several pages display these 3 errors:

    Ensure CSP is effective against XSS attacks
    A strong Content Security Policy (CSP) significantly reduces the risk of cross-site scripting (XSS) attacks.
    1) script-src directive is missing. This can allow the execution of unsafe scripts.
    2) Elements controlled by object-src are considered legacy features. Consider setting object-src to ‘none’ to prevent the injection of plugins that execute unsafe scripts.
    3) No CSP configures a reporting destination. This makes it difficult to maintain the CSP over time and monitor for any breakages.

    I do not get this error on every web page, only on a few. Why am I seeing this and how do I fix it?

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @dave8441

    Lighthouse won’t take into consideration that you are using WordPress. We generally recommend that you don’t create a Content Security Policy for a WordPress website unless you know precisely what you are doing and how to test it as there is a high probability that the policy can break WordPress, your theme, and any plugins that you use. You may have to create so many exclusions that creating the policy is not worth the effort.

Viewing 1 replies (of 1 total)
  • The topic ‘error: script-src directive is missing’ is closed to new replies.