0WordPress的标志WordPress的可视化编辑器不工作

我有一个问题,一会儿在WordPress的可视化编辑器按钮停止工作. 代码编辑器被罚款, 和可视化编辑器按钮存在,但上点击它没有任何效果. 多摆弄身边后,我终于发现这是由我的内容安全策略打破!

One reas­on this was so dif­fi­cult to dia­gnose is because I haven’t seen any­one else sug­gest CSP as the source of the prob­lem, espe­cially since I am using the “clas­sic edit­or” plu­gin which most people seem to blame. The plu­gin, or word­press itself, may be partly to blame as my CSP isn’t unreas­on­able, but clearly I needed to per­mit some­thing else.

When I finally star­ted dig­ging through the con­sole I found the fol­low­ing error (in Fire­fox): The page’s set­tings observed the load­ing of a resource at eval (“script-src”)

The Chrome con­sole was much more help­ful: “Refused to eval­u­ate a string as JavaS­cript because ‘unsafe-eval’ is not an allowed source of script in the fol­low­ing Con­tent Secur­ity Policy directive”

So to get this work­ing I will have to enable “unsafe-eval” which is annoy­ing because this makes a con­tent secur­ity policy largely pointless.

As more and more people imple­ment CSP this will become more of an issue for the word­press and plu­gin devs to resolve to hope­fully in the longer term solu­tions will become avail­able. Until then I will see if there is a work­around by remov­ing inline and eval code.

The best inform­a­tion and guide I have found so far is at Col­or Blind Programming

Leave a Reply