Content Security Policy removes header background image

albertvanharten · November 12, 2020, 2:52pm

Hi,

I am using Shapely with great pleasure, on my website https://computernoerden.dk
I am using a parallax on the front page, with a nice picture of the earth seen from outer space.
But if I enable a Content Security Policy (CSP) in my .htaccess, the background image is not being displayed.
Even if the CSP is allowing everything - like this:
Header set Content-Security-Policy “default-src *; script-src *; style-src *; img-src *; connect-src *; font-src *; object-src *; media-src *; frame-src *; sandbox *; report-uri *; child-src *; form-action *; frame-ancestors *; plugin-types *; base-uri *; report-to *; worker-src *; manifest-src *; prefetch-src *; navigate-to *;”

What can I do to enable a CSP and also my background picture?

Yours,

Albert van Harten
Computernørden
Denmark

colorlibsupport · November 13, 2020, 10:03am

Hey there

Well, what can I say about it, it’s not theme related error, most probably you are not properly using CSP, to be honest, I don’t know it very well ti review your rules in the policy, but the fact is that is not working, try to research your question in the net for more details

albertvanharten · November 20, 2020, 12:11pm

You were totally right. “Enable everything” with a wildcard in the CSP does not … enable everything. I had to specify data: in the CSP line.

If others have the same problem: this did the trick for me:

Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:"

colorlibsupport · November 23, 2020, 10:01am

Wow, nice to hear
and thank you for sharing the solution with others

Have a great day