Hello everyone,
If you're having issues with plugins like Tawk, YouTube embeds, or SimplyBook due to Content Security Policy (CSP) rules, here's a quick fix. CSP now requires explicit permission for third-party plugins to work. You need to update both your .htaccess file and the header.php file in your template. Here's how:
Step 1: Update the .htaccess File
Access Your
.htaccessFile: This file is in the root directory of your website. Use an FTP client or your hosting provider's file manager to access it.Add CSP Header: Insert the following line into your
.htaccessfile:apache
<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src 'self'; script-src 'self' https://allowed-plugin-domain.com; style-src 'self' 'unsafe-inline'; frame-src https://allowed-plugin-domain.com;"
</IfModule>
Replace
https://allowed-plugin-domain.comwith the actual domains you need.Save and Upload: Save the file and upload it back to your server.
Step 2: Update the header.php File
Locate
header.php: This file is usually underwp-content/themes/your-theme-name/.Add CSP Meta Tag: In the
<head>section, add:html
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://allowed-plugin-domain.com; style-src 'self' 'unsafe-inline'; frame-src https://allowed-plugin-domain.com;">
Again, replace the domain with the relevant ones you need.
Save and Upload: Save your changes and upload the file.
Test Your Site
Clear your browser cache and reload your site to see if the plugins are now functioning properly. If you encounter any issues, check the browser console for CSP errors and adjust accordingly.
This should help get your plugins working again with the new CSP rules!
Cheers 🥂