Plugin conflict when adding security policies

  • Resolved Douglas Ferraz

    (@douglasferraz89)


    4 years, 2 months ago

    Kindly note that I need to add some
    Security policy on the header as ( Content-Security-Policy, X-Xss-Protection, X-Frame-Options ) . If I unable the plugin, the security policies go thru. So, the plugin is not allowing me to add more information by Nginx.

    For example:

    add_header Content-Security-Policy “default-src blob: ‘self’ https: data: ‘unsafe-inline’ ‘unsafe-eval’;” always;
    add_header X-Xss-Protection “1; mode=block” always;
    add_header X-Frame-Options “SAMEORIGIN” always;
    add_header X-Content-Type-Options “nosniff” always;
    add_header Referrer-Policy “strict-origin-when-cross-origin” always;

    I am not able to add the security policy If the plugin is active

    If I activate the plugin the information is not included.

    I added the

    more_clear_headers ‘Pragma’;
    more_clear_headers ‘Expires’;
    more_clear_headers ‘Cache-Control’;
    add_header Cache-Control $wp_cf_super_cache_active;

    on the php block

    I added the

    map $upstream_http_x_wp_cf_super_cache_active $wp_cf_super_cache_active {
    default ‘no-cache, no-store, max-age=0’;
    ‘1’ ‘s-max-age=604800, s-maxage=604800, max-age=60’;
    }

    on the http block

    The Plugin works and returns two headers: x-wp-cf-super-cache and x-wp-cf-super-cache-active

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Plugin conflict when adding security policies’ is closed to new replies.