.htaccess is not updated

Hello @timholz

Thank you for reaching out and I am happy to help!
I’ve just tested this and enabled Content Security Policy in Performance>Browser Cache>Security headers and set script-src: to self
Once I saved all settings and purged the cache I was able to see the header:
content-security-policy:script-src ‘self’

I can see that also when inspecting your website:

As for the .htaccess, the W3TC does add the rules:

<IfModule mod_headers.c>
   
    Header set Content-Security-Policy "script-src 'self'"
    
</IfModule>
# END W3TC Browser Cache

As you can see just before END W3TC Browser Cache

Can you please share your .htaccess file and what you see there in the Browser Cache section?

Thanks!

@vmarko – thanks for responding. Yes, that’s right the csp is indeed appearing in the response headers. But unfortunately, the script-src directives, that i added in the browser cache section, is not updated in .htaccess. That’s the problem. How can i share .htaccess (it is quite big)? As for the settings in the cache section, i could provide a json file (from the export section). I could upload everthing to dropbox. By the way, exporting the plugin settings open a new browser tab and the settings are one big compressed json. That too, is a bit strange, cause in former versions the json was properly formatted and downloaded to my download folder… Thanks a lot for your interest and time. regards theo

Hello @timholz

Thank you for your feedback.
Please check the Performance>Install section of the plugin and see if those rules are there.
You can use https://pastebin.com/ and share the link.
As for the .json file, i tried to replicate this, however, I always get the .json file downloaded.
So it appreas that the problem is with some browser cache or browser extensions.
Please check other browsers and see if it works.
Thanks!

@vmarko Hi – Thanks for responding. The json is under: https://pastebin.com/dQTdNve3 and htaccess: https://pastebin.com/cNtPyuTf As for the rules under Performance>Installer, i can see some rules, but i do not know what rules you are referring to. I tested downloading the plugin settings in various browsers. The behaviour described above is consistent. Please let me know, when you are done with viewing the files in pastebin. regards theo

@vmarko hi – i checked with another site in dev-mode and encountered similar problems. The .htaccess is not updated when changing the settings. I also tried altering the settings ?with all in one wordpress security? plugin disabled. Same result. Exporting the plugin settings however worked well. regards theo

Hello @timholz

Thank you for sharing this.

I can see the Header set Content-Security-Policy “script-src ‘self'” in your .htaccess that is commented out with the #
It appears taht you are using some other plugin or some custom rules for security headers and that is creating some kind of conflict.
Are you using anything else besides W3TC to set this up?

Thanks!

@vmarko Hi -thanks for the message. Yes, it has # before that line, but that was me, not a plugin, who wrote that sign. The transfer from the plugin settings to htaccess is not happening, that’s why i altered it manually. The problem persists, i reinstalled w3tc, disabled the security plugin, but it stays the same. htaccess is not changing… bye bye

Hello @timholz

The other W3TC rules are added as you can see in the .htaccess you shared.
So please let me know when you enable those in the security settings, do you see those rules applied in the Performance>Install section
It should look something like this depending on the settings:

Thanks!

@vmarko Hi – i do not enable anything in the security plugin. I just disabled the plugin to check any interference with w3tc. And yes, the rules are present under performance>install. As i said, the problem persists not only with one website, but rather several. So, inspite of the great performance of w3tc, i can’t help but thinking of a new way. The plugin settings are not communicating with htaccess. Have a nice evening

@vmarko Hi

final test:

1. Disable all features in general settings > .htaccess does not reflect any change
2. Disable w3tc plugin > .htaccess reflects this. Everything related to w3tc is erased
3. Enable w3tc plugin > .htaccess does not reflect this action. No w3tc rules present in .htaccess
4. Delete w3tc; also delete all tables with w3tc in database
5. Install w3tc and import settings previously exported > save settings and purge all caches > .htaccess does not reflect this, no w3tc rules present.
6. Conclusion > Apparently there is a communication problem with .htaccess or no resource for retrieving w3tc rules is available
   Thanks
   regards theo