Content Security Policy and WordPress Customizer

I added a CSP using Transform Rules in Couldflare panel with this value:

“default-src ‘self’ data: *.goatcounter[dot]com *.cloudflare[dot]com *.b-cdn[dot]net fonts.googleapis[dot]com fonts.gstatic[dot]com unsplash[dot]com; object-src ‘none’;”

The issue is that the WP customizer is not loading. Once I remove that CSP it loads just fine. My question is how can I add the customizer on that rule with the other allowed domains? Should I add the domain of my website?

The content of your CSP is probably a bit outside the scope of this forum as it’s not Cloudflare related.

I’d recommend using your browser developer tools to see what is being blocked and why. Alternatively, you could use a tool such as Report URI - Content Security Policy Wizard - Report URI Documentation.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.