Hi,
Thank you very much, i found the problem.
If WordPress is secured with .htaccess file and “headers” are set, then WP has the problem that wordpress.org cannot be contacted.
Sample .htaccess in wordpress root directory:
[…SNIP…]
<IfModule mod_headers.c>
Header unset server
Header unset ETag
Header set X-Content-Type-Options nosniff
Header always set X-XSS-Protection “1; mode=block”
Header always set X-FRAME-OPTIONS “SAMEORIGIN”
Header always set Strict-Transport-Security “max-age=31536000; includeSubDomains; preload”
Header always set Permissions-Policy “geolocation=(), microphone=(), payment=()”
Header set Referrer Policy: strict-origin-when-cross-origin
>>>>>>> Header set Content-Security-Policy “default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval'” <<<<<<<<<<
Header set Connection keep-alive
Header set Expect-CT “enforce, max-age=21600”
FileETag None
</IfModule>
[…SNIP…]
The following entry must be set in the wp-admin directory, in the .htaccess file:
<IfModule mod_headers.c>
Header unset Content-Security-Policy
</IfModule>
Then the WP backend works again without any problems, no further changes are required.
You can close the ticket again, thank you.