[Resolved] Content security headers breaks the site due to issues with default theme code

Log In Free Support

Popular Articles

Missing style.css

Updating errors

Installing GP Premium

Installing GeneratePress

This topic has 5 replies, 2 voices, and was last updated 6 years ago by Tom.

Viewing 6 posts - 1 through 6 (of 6 total)

Author

Posts
March 10, 2020 at 6:53 pm #1191418

Webmaster

Hi there!

I’m trying to implement the following security headers but when testing, the default theme code is not getting along so it breaks the site.

add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy “default-src ‘self’;”;
*add_header Strict-Transport-Security ‘max-age=31536000; includeSubDomains; preload’; *this one works just fine

Can you guys advice?

Thanks!

March 11, 2020 at 8:18 am #1192054

Tom
Lead Developer
Lead Developer

Hi there,

What about the site breaks, exactly? That code shouldn’t have any effect on the theme itself.

March 11, 2020 at 11:16 am #1192184

Webmaster

Hi Tom,

The whole css, images and fonts break so it loads the content on a white background.

March 11, 2020 at 4:39 pm #1192401

Tom
Lead Developer
Lead Developer

I’m no expert when it comes to this kind of thing. It wouldn’t be directly related to the theme, I assume the same thing would happen with any theme. Are you sure the code is valid? Have you checked with your hosting?

March 12, 2020 at 6:16 am #1192767

Webmaster

Thanks Tom, I found this is related to caching.

March 12, 2020 at 8:27 am #1193049

Tom
Lead Developer
Lead Developer

Glad you got it sorted 🙂
Author

Posts

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.