Topic

Hello,
I am user of your great plugin GD Security Headers. I am using CSP polcies and everything was working as expected, until now. In the CSP reports table there is an violation log which seems like this:

ID: 418
IP: xxx.xxx.xxx.xxx
Violated: media-src
Effective: media-src
URL: https://www.skautikomarov.cz/fotogalerie-komarovske-podzemi/
Blocked Data: data

I would like to set the CSP policy to eliminate this message, but I do not know, how to set the “data” string to allowed rules.
Could you pleace help we with this issue?
Thanks a lot
Jan

Replies

This is error with Media policy, and you need to add data: as an item for it. But, this is very strange, what media element you have that has media stored as data (this can be audio or video tag)? Do you have some browser extension maybe doing this?

Dev4Press - Premium plugins for WordPress.

Hello. Thank you very much for your quick response. I will try adding data: string to csp policy.
The violation is generated from the page with 3d virtual trip created with pano2vr software and displayed by plugin: garden gnome package.
Best regards
Jan

Yeah, it is possible that it embeds some content via data in video or audio tag.

Dev4Press - Premium plugins for WordPress.

It seems the data: string works pertect. Thank you once again for your help and great support.
Best regards
Jan