Support

Account

Home Forums ACF PRO Strange CSP error with ACF Pro and Select2 library

Solving

Strange CSP error with ACF Pro and Select2 library

    • the_lar

    • April 29, 2019 at 10:04 pm

    Hi All,

    I’m getting a very odd content security policy error with the select2 library on my Edit Post page. The only plugin which uses this on my blog is ACF Pro and I can confirm that disabling ACF Pro the error goes away.

    The console error I’m seeing is:

    There are a couple of things that are odd about this –
    1. Why is it trying to load the resource over http when the site is https?
    2. Why is it trying to load the resource from a completely incorrect location?

    I searched the source html and the references to select2 are all within the acf pro plugin directory – the URL’s that appear in the screenshot above ARE NOT in my source code!

    FYI the content security policy is defined in my .htaccess file and contains the following:
    Header set Content-Security-Policy "default-src 'self' www.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com maps.googleapis.com www.gstatic.com *.cloudflare.com code.jquery.com https://www.google-analytics.com;connect-src 'self' https://maps.googleapis.com https://maps.gstatic.com yoast.com;img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com *.gravatar.com s.w.org img.youtube.com https://www.google-analytics.com https://stats.g.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cloudflare.com https://maps.gstatic.com https://use.typekit.net https://p.typekit.net;font-src 'self' fonts.googleapis.com fonts.gstatic.com https://use.typekit.net data:;object-src 'self'"

    Can anyone shed any light here? I have deleted my cache and cookies too.

    Kevin

  • You have something strange going on that is altering the URLs of the scripts. The first step would be to try deactivating other plugins to see if there is some kind of a conflict.

    This is only a guess, somewhere, something is trying to load the select2 JS files from a cdn and something else is replacing the domain name with yours as well as loading from non SSL. But that’s only a guess.

    • wggl

    • July 21, 2020 at 11:32 pm

    wow, looks great. Do you use cloudflare?

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

We use cookies to offer you a better browsing experience, analyze site traffic and personalize content. Read about how we use cookies and how you can control them in our Cookie Policy. If you continue to use this site, you consent to our use of cookies.