CSP error when replying to a comment

Expected behavior

ability to reply to a comment from the back-end

Current behavior

CSP error:

Content Security Policy: The page’s settings blocked the loading of a resource at https://<domain>/wp-admin/admin-ajax.php (“default-src”).

Steps to reproduce

Provide a link to a live example, or an unambiguous set of steps to reproduce this bug. Include code to reproduce, if relevant.

  1. try commenting from the back-end

Context

i typically reply to comments from the the back-end and did so earlier today without issue, but suddenly i’m receiving the CSP error

i did a reinstall from the back-end and this didn’t solve the problem - also completely cleared all web storage for the domain

Do you have any security plugins? ClassicPress does not include CSP by default. Either a security plugin enabled it or it was added to htaccess file by you or someone else.

Creating your own content security policy can be challenging as ClassicPress or WordPress has a lot of assets, embeds, and scripts.

i add the CSP header long ago and never changed it since, however i just now set default-src 'self' whereas before it was none and this seems to have solved the problem

odd

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.