I got in again by searching the settings in the DB. Found here: hh_content_security_policy_value
Then I was able to reset everything and switch on “Report-Only”. Now I can continue. It would be safer if ?“Report-Only”, with a warning that switching it off can break a site with no easy way of recovery.
Reset with this:
a:22:{
s:11:”default-src”;a:2:{s:13:”‘unsafe-eval'”;s:1:”1″;s:6:”source”;s:0:””;}
s:10:”script-src”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;} s:9:”style-src”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;}
s:7:”img-src”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;} s:11:”connect-src”;a:1:{s:6:”source”;s:0:””;} s:8:”font-src”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;}
s:9:”media-src”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;} s:10:”report-uri”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;}
s:9:”child-src”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;} s:11:”form-action”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;}
s:15:”frame-ancestors”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;} s:10:”object-src”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;}
s:9:”frame-src”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;} s:10:”worker-src”;a:2:{s:6:”‘‘”;s:1:”1″;s:6:”source”;s:0:””;}
s:12:”manifest-src”;a:3:{s:6:”‘‘”;s:1:”1″;s:15:”‘unsafe-inline'”;s:1:”1″;s:6:”source”;s:0:””;} s:11:”navigate-to”;a:2:{s:1:”“;s:1:”1″;s:6:”source”;s:0:””;}
s:12:”prefetch-src”;a:2:{s:1:”“;s:1:”1″;s:6:”source”;s:0:””;} s:8:”base-uri”;a:2:{s:1:”“;s:1:”1″;s:6:”source”;s:0:””;}
s:12:”plugin-types”;s:0:””;s:9:”report-to”;s:33:”[email protected]”;s:7:”sandbox”;a:2:{s:13:”allow-scripts”;s:1:”1″;s:39:”allow-top-navigation-by-user-activation”;s:1:”1″;}
s:15:”require-sri-for”;a:2:{s:6:”script”;s:1:”1″;s:5:”style”;s:1:”1″;}
}
