Quote from zero24: Yes and no. Please show me your CSP configuration; the plugin should not do that "automatically". The problem with script-src-attr is that it is only available in Chromium browsers: https://caniuse.com/mdn-http_h…ty-policy_script-src-attr
Configuration:
object-src 'none';
default-src 'none';
prefetch-src 'self';
frame-src 'sha256-cMHdua5T1nBK2UWIbCEQsoz/eG73vbCp+YXBdjlokVI=' 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://platform.twitter.com https://syndication.twitter.com https://web.facebook.com https://www.facebook.com https://www.google.com;
base-uri 'self';
connect-src 'self' https://freetools.seobility.net/de/seocheck/friededenhuetten.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net;
font-src 'self' https://fonts.gstatic.com https://freetools.seobility.net/de/seocheck/friededenhuetten.de;
img-src 'self' data: https://www.googletagmanager.com/ https://www.google.de/ads/ https://www.google.com/ads/ https://www.webwiki.de/etc/rating/widget/319033017/ https://freetools.seobility.net/widget/ https://siwecos.de https://web.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net;
manifest-src 'self';
media-src 'self';
form-action 'self';
worker-src 'none';
script-src 'sha256-d/C6egRqD1vZyqYwJ+I4wE9qy+WQFN1+QenQm+Txxow=' 'sha256-oVF57aRwJ+3iu7ErqPuwYvYTaGH5LFcy0tWwClXvWvo=' 'sha256-zni72vetuahae9TaqEi/rrlC5U/+1CaYyS6FmVMuHnk=' 'sha256-IZ55lKr0UJxotWYdztmHiAYh3cSoU9XsK6KKIRgUPyk=' 'sha256-M+EDhLdzZ9aAK7PH6dgMP7CfM/BbFEDuKNHRpH0T7ic=' 'sha256-u8QUOPM2TlgQNYubfguZseXee2TKlo7K8GWJPmREYBs=' 'sha256-W2zgtQTqKFr+mqXTsV2THUlUGKlDY/0HlKoBPVKdOIM=' 'sha256-cMHdua5T1nBK2UWIbCEQsoz/eG73vbCp+YXBdjlokVI=' 'sha256-E1V8nFo6D7tomecnJtjLKwx4FHn/YNKFSZrFst0Zw54=' 'sha256-qwQ9tfNIe2D55Me+TzkXJCffauS1L+E4CJ4s4r5/AAY=' 'sha256-8YOYIdSiFF9svc65gS9B72qsI8nOp8Y/tMonc+gKdQw=' 'sha256-iF6Nkq0YYga6Gefe2TzSEQ0NEdV3OGbD3BksnxT71mQ=' 'sha256-aRXC8Xk+yedBLMtvedNUQRZny1J6hGnifNuENpA5N2I=' 'self' https://connect.facebook.net/de_DE/ https://platform.linkedin.com/ https://platform.twitter.com/ https://www.google-analytics.com https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://freetools.seobility.net/de/seocheck/friededenhuetten.de https://www.googletagmanager.com/gtag/;
style-src 'self' 'unsafe-inline';
frame-ancestors 'self';
Maybe that helps you.
Here is the configuration with script-src-attr as well:
object-src 'none';
default-src 'none';
prefetch-src 'self';
frame-src 'sha256-cMHdua5T1nBK2UWIbCEQsoz/eG73vbCp+YXBdjlokVI=' 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://platform.twitter.com https://syndication.twitter.com https://web.facebook.com https://www.facebook.com https://www.google.com;
base-uri 'self';
connect-src 'self' https://freetools.seobility.net/de/seocheck/friededenhuetten.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net;
font-src 'self' https://fonts.gstatic.com https://freetools.seobility.net/de/seocheck/friededenhuetten.de;
img-src 'self' data: https://www.googletagmanager.com/ https://www.google.de/ads/ https://www.google.com/ads/ https://www.webwiki.de/etc/rating/widget/319033017/ https://freetools.seobility.net/widget/ https://siwecos.de https://web.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net;
manifest-src 'self';
media-src 'self';
form-action 'self';
worker-src 'none';
script-src-attr 'sha256-/a7k+0c5UzyRaH2TdUBCuTuTAT1lD5IWBKImBkmZdF4=' 'sha256-G9MrWSvvIefg02z4Cq5wrVy7HI6Q6H/eSyj08G9zIhY=' 'sha256-Wza7bTzCD/6rCgCGVXt99mK8eE46iUEgimPQTKWqfvk=' 'sha256-IZ55lKr0UJxotWYdztmHiAYh3cSoU9XsK6KKIRgUPyk=' 'sha256-cMHdua5T1nBK2UWIbCEQsoz/eG73vbCp+YXBdjlokVI=' 'sha256-E1V8nFo6D7tomecnJtjLKwx4FHn/YNKFSZrFst0Zw54=' 'unsafe-hashes';
script-src 'sha256-/a7k+0c5UzyRaH2TdUBCuTuTAT1lD5IWBKImBkmZdF4=' 'sha256-G9MrWSvvIefg02z4Cq5wrVy7HI6Q6H/eSyj08G9zIhY=' 'sha256-Wza7bTzCD/6rCgCGVXt99mK8eE46iUEgimPQTKWqfvk=' 'sha256-IZ55lKr0UJxotWYdztmHiAYh3cSoU9XsK6KKIRgUPyk=' 'sha256-cMHdua5T1nBK2UWIbCEQsoz/eG73vbCp+YXBdjlokVI=' 'sha256-E1V8nFo6D7tomecnJtjLKwx4FHn/YNKFSZrFst0Zw54=' 'sha256-qwQ9tfNIe2D55Me+TzkXJCffauS1L+E4CJ4s4r5/AAY=' 'sha256-8YOYIdSiFF9svc65gS9B72qsI8nOp8Y/tMonc+gKdQw=' 'sha256-iF6Nkq0YYga6Gefe2TzSEQ0NEdV3OGbD3BksnxT71mQ=' 'sha256-aRXC8Xk+yedBLMtvedNUQRZny1J6hGnifNuENpA5N2I=' 'self' https://connect.facebook.net/de_DE/ https://platform.linkedin.com/ https://platform.twitter.com/ https://www.google-analytics.com https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://freetools.seobility.net/de/seocheck/friededenhuetten.de https://www.googletagmanager.com/gtag/;
style-src 'self' 'unsafe-inline';
frame-ancestors 'self';
That produces the following error message:
Quote: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src-attr 'sha256-zFOPhgwnYGQYWbklvrt4LFRZEPSZf5uiQlxI/wRqG/w=' 'sha256-Nvln2/9s2bt91lnc/BTaguQLP9rmnxZpUSIhwbVDjmw=' 'sha256-BzMzodSbv5/ym+eJeCgxRf7kDN/WU9JWBhAonzSuRcU=' 'sha256-IZ55lKr0UJxotWYdztmHiAYh3cSoU9XsK6KKIRgUPyk=' 'sha256-cMHdua5T1nBK2UWIbCEQsoz/eG73vbCp+YXBdjlokVI=' 'sha256-E1V8nFo6D7tomecnJtjLKwx4FHn/YNKFSZrFst0Zw54=' 'unsafe-hashes'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
_handleMouseUp @ unbekannt
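A way to compare the script-src-attr list from the posted configuration with the one the browser quotes in the error message, and to check whether a given inline handler is covered by a hash. This is an added example, not part of the original post or of the plugin's code; the function names are hypothetical and the handler text in the usage is constructed.

```python
import base64
import hashlib

# script-src-attr as posted in the configuration above.
CONFIGURED = (
    "script-src-attr 'sha256-/a7k+0c5UzyRaH2TdUBCuTuTAT1lD5IWBKImBkmZdF4=' "
    "'sha256-G9MrWSvvIefg02z4Cq5wrVy7HI6Q6H/eSyj08G9zIhY=' "
    "'sha256-Wza7bTzCD/6rCgCGVXt99mK8eE46iUEgimPQTKWqfvk=' "
    "'sha256-IZ55lKr0UJxotWYdztmHiAYh3cSoU9XsK6KKIRgUPyk=' "
    "'sha256-cMHdua5T1nBK2UWIbCEQsoz/eG73vbCp+YXBdjlokVI=' "
    "'sha256-E1V8nFo6D7tomecnJtjLKwx4FHn/YNKFSZrFst0Zw54=' 'unsafe-hashes';"
)
# script-src-attr as quoted by the browser in the error message above.
ENFORCED = (
    "script-src-attr 'sha256-zFOPhgwnYGQYWbklvrt4LFRZEPSZf5uiQlxI/wRqG/w=' "
    "'sha256-Nvln2/9s2bt91lnc/BTaguQLP9rmnxZpUSIhwbVDjmw=' "
    "'sha256-BzMzodSbv5/ym+eJeCgxRf7kDN/WU9JWBhAonzSuRcU=' "
    "'sha256-IZ55lKr0UJxotWYdztmHiAYh3cSoU9XsK6KKIRgUPyk=' "
    "'sha256-cMHdua5T1nBK2UWIbCEQsoz/eG73vbCp+YXBdjlokVI=' "
    "'sha256-E1V8nFo6D7tomecnJtjLKwx4FHn/YNKFSZrFst0Zw54=' 'unsafe-hashes'"
)

def parse_csp(policy):
    """Split a policy into {directive: [sources]}; a repeated directive is ignored."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def csp_hash(inline_source):
    """Hash-source for inline code, computed over its exact UTF-8 bytes."""
    digest = hashlib.sha256(inline_source.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

def diff_sources(configured, enforced, directive):
    """Return (only in configured, only in enforced) for one directive."""
    a = parse_csp(configured).get(directive, [])
    b = parse_csp(enforced).get(directive, [])
    return [s for s in a if s not in b], [s for s in b if s not in a]

def handler_allowed(policy, handler_source):
    """Hash path only: needs 'unsafe-hashes' plus the handler's own hash."""
    d = parse_csp(policy)
    names = ("script-src-attr", "script-src", "default-src")  # fallback order
    sources = next((d[n] for n in names if n in d), [])
    return "'unsafe-hashes'" in sources and csp_hash(handler_source) in sources

if __name__ == "__main__":
    print(diff_sources(CONFIGURED, ENFORCED, "script-src-attr"))
```

The hash covers the attribute value byte for byte, so a handler that differs by a single space needs its own entry.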