Back to GD Security Headers Forum

Blocked: data

Published on: February 5, 2022 at 5:57 pm · By: janmejstrik
Author
Topic
#74401

Hello,
I am user of your great plugin GD Security Headers. I am using CSP polcies and everything was working as expected, until now. In the CSP reports table there is an violation log which seems like this:

ID: 418
IP: xxx.xxx.xxx.xxx
Violated: media-src
Effective: media-src
URL: https://www.skautikomarov.cz/fotogalerie-komarovske-podzemi/
Blocked Data: data

I would like to set the CSP policy to eliminate this message, but I do not know, how to set the “data” string to allowed rules.
Could you pleace help we with this issue?
Thanks a lot
Jan

Viewing 4 replies - 1 through 4 (of 4 total)
Author
Replies
  • #74403

    This is error with Media policy, and you need to add data: as an item for it. But, this is very strange, what media element you have that has media stored as data (this can be audio or video tag)? Do you have some browser extension maybe doing this?

    Dev4Press - Premium plugins for WordPress.

  • #74404

    Hello. Thank you very much for your quick response. I will try adding data: string to csp policy.
    The violation is generated from the page with 3d virtual trip created with pano2vr software and displayed by plugin: garden gnome package.
    Best regards
    Jan

  • #74405

    Yeah, it is possible that it embeds some content via data in video or audio tag.

    Dev4Press - Premium plugins for WordPress.

  • #74406

    It seems the data: string works pertect. Thank you once again for your help and great support.
    Best regards
    Jan

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Blocked: data’ is closed to new replies.