• Resolved julian

    (@julianoe)


    Every page I have YouTube embeds on (done with the default YouTube block) gives off an error when loading the page, say when you navigate to a post from the home page:

    Refused to frame 'https://www.youtube.com/' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

    If I refresh the page in question with F5, the YouTube embed loads properly. How can I prevent this error on first page load?

  • Plugin Support Emily A. (a11n)

    (@happyaxident)

    Hi there,

    Could you please post your site URL here so that we can have a look? If you want it to remain private, you can also contact us via contact form. If you choose to reach out directly, please include a link to this thread.

    Thank you!

    Thread Starter julian

    (@julianoe)

    I’m having the issue on this blog https://www.geeks-curiosity.net/jadis-looking-backward/ This is an example post but all others that contain a YouTube embed have the same issue. For example https://www.geeks-curiosity.net/rymdreglage/

    When I disable the plugin, the issue disappears. I’ve turned this around but can’t understand where it comes from. I’ve tried with default theme and no plugins and the issue seems to persist.

    Hi @julianoe,

    Thanks for sharing your website! I haven’t been able to check it since Jetpack isn’t installed and connected there at the moment, I suppose you have deleted it for that cause.

    From the error, this seems to be related to the Content Security Policy, do you use any plugin that manages that for you? A security plugin more precisely, something such as WordFence, or Sucuri. If so, I’d suggest checking the settings for the CSP and making adjustments there to allow the YouTube embed to work (which is referred to as an iFrame). I’d suggest clearing the cache after doing that (if you are using a caching plugin).

    Let us know how this goes.

    Thread Starter julian

    (@julianoe)

    I’m not sure I understand your answer: of course I’m using a caching plugin, we are discussing an issue about WP Super Cache.
    Also I don’t have Jetpack installed because I don’t need its features but it is not a requirement for WP Super Cache to work so it should not be an issue.

    The security plugins I have are: Disable XML-RPC and WPS Hide Login to prevent spam requests on the server and Akismet, which I doubt causes troubles with this.
    Just for good measure I disabled the two plugins mentioned, wiped the cache. The issue persists. As I said I tested with 0 plugins and I have the issue anyway with WP Super Cache.

    I had a special .htaccess config so I disabled this too and moved back to the default WordPress one, which I reproduced below:

    # BEGIN WordPress
    # The directives (lines) between "BEGIN WordPress" and "END WordPress" are
    # dynamically generated, and should only be modified via WordPress filters.
    # Any changes to the directives between these markers will be overwritten.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    I don’t know what else to investigate. I don’t see what could mess up the CSP or could control it other than the caching plugin. Or a setting inside WordPress I don’t know of (this is a very old website even though it is fully updated). Any idea?

    Plugin Support Animesh Gaurav (a11n)

    (@bizanimesh)

    Hello there – could you please completely disable cache and check if the issue persists?

    Also you can probably set up a content security policy by adding a meta tag like this. Or, by modifying an HTTP header through .htaccess.

    Thread Starter julian

    (@julianoe)

    Hi! I disabled several times to confirm the issue persisted and it did. Actually I had disabled the plugin to prevent problems. Prior to posting this issue I re-enabled the caching plugin to show you how it causes problems.

    I will explore the solutions you suggest and come back. Thanks

    Plugin Support Animesh Gaurav (a11n)

    (@bizanimesh)

    Hello there – that sounds good! Let us know if the solution worked for you.

    Thread Starter julian

    (@julianoe)

    As you can see on the website it did not solve the problem and caused other issues to change the CSP like this. I’m running out of options here.

    Plugin Support Joseph B. (a11n)

    (@tamirat22)

    Hello @julianoe,

    Thanks for the update.

    One thing we’d like you to try is Jetpack Boost’s caching feature highlighted here: https://jetpack.com/support/jetpack-boost/caching-site-content/.

    Make sure you follow the steps and requirements mentioned in our guide here: https://jetpack.com/support/jetpack-boost/#how-to-install-jetpack-boost.

    If you’re still experiencing the same issue you had with WP Super Cache, please let us know so we can troubleshoot further.

    Look forward to your updates!

    Plugin Support Joseph B. (a11n)

    (@tamirat22)

    Hello @julianoe,

    Do you have updates about that? We usually close inactive threads after one week of no activity, but we want to make sure we’re all set before marking it as solved. Thanks!

    Thread Starter julian

    (@julianoe)

    Hello back!

    I’ve updated the website, disabled WP Super Cache (and all plugins that could be causing issues) and enabled Jetpack Boost… but the issue persists. You can view it on the website.
    Thanks for your insights.

    Plugin Support Emily A. (a11n)

    (@happyaxident)

    Hi Julian,

    I’ve updated the website, disabled Wp Super Cache (and all plugins that could be causing issues) and enabled Jetpack Boost… but the issue persists. You can view it on the website.

    Thank you for your persistence and for trying that!

    The Jetpack connection to your site is currently broken. You can see this yourself by entering the url https://www.geeks-curiosity.net into this debugging tool:

    https://jptools.wordpress.com/debug/

    Have you disconnected Jetpack Boost since you did that testing?

    Plugin Support Emily A. (a11n)

    (@happyaxident)

    Hi again,

    Sorry, I’ve just noticed that the Jetpack Boost cache is active on your site, despite the broken Jetpack connection. So we don’t need to worry about the connection problem for now.

    I’m checking with our developers again to see if there’s more we can debug here. We’ll get back to you!

    Thread Starter julian

    (@julianoe)

    I want to add that Jetpack confirmed to me the reason I don’t want it on my website (outside of this test): the second I installed it I received an email, which is unnecessary and an intrusive use of my admin email address.

    I’ll be watching this thread for response and give further information if needed to debug. Thanks again.

    Plugin Support Emily A. (a11n)

    (@happyaxident)

    Hi Julian,

    Our developers have done some more testing and found the following:

    The nonworking example (video doesn’t load) has X-Jetpack-Boost-Cache: miss.

    The working example (video loads on refresh) has X-Jetpack-Boost-Cache: hit and no content security policy header.

    Doesn’t work:

    HTTP/1.1 200 OK
    Date: Thu, 20 Jun 2024 10:07:28 GMT
    Server: Apache/2.4.59 (Debian)
    X-Jetpack-Boost-Cache: miss
    X-Pingback: https://www.geeks-curiosity.net/xmlrpc.php
    Link: https://www.geeks-curiosity.net/wp-json/; rel="https://api.w.org/", https://www.geeks-curiosity.net/wp-json/wp/v2/posts/4211; rel="alternate"; type="application/json", https://www.geeks-curiosity.net/?p=4211; rel=shortlink
    X-Matomo-Request-Id: d6d7d
    Referrer-Policy: same-origin
    Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:;
    Cache-Control: must-revalidate
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 11669
    Keep-Alive: timeout=5, max=95
    Connection: Keep-Alive
    Content-Type: text/html;charset=UTF-8

    Works:

    HTTP/1.1 200 OK
    Date: Thu, 20 Jun 2024 10:07:53 GMT
    Server: Apache/2.4.59 (Debian)
    X-Jetpack-Boost-Cache: hit
    Upgrade: h2
    Connection: Upgrade, Keep-Alive
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 11669
    Keep-Alive: timeout=5, max=100
    Content-Type: text/html; charset=UTF-8

    Our best advice is to find out what is adding the Content-Security-Policy header; it’s only there when our cache is active but returns a miss and it’s not something we’re adding.

    If that header can be removed, then this problem should be resolved.

    If you don’t get anywhere with that, then Jetpack Boost and WP Cache might not be the right solutions for your website, I’m sorry to say.

    @happyaxident
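
The header comparison in the last reply, and the "'frame-src' was not explicitly set" error in the first post, can be reproduced offline. This is an added example, not code from the thread, Jetpack Boost or WP Super Cache: it applies the frame-src, child-src, default-src fallback to the two quoted responses. The function names, the trimmed sample responses and the placeholder embed URL are constructed for illustration, and host-source matching is simplified (ports and paths in a source are not handled).

```python
from urllib.parse import urlsplit

# Constructed samples: the relevant lines of the two responses quoted in the thread.
MISS = ("HTTP/1.1 200 OK\nX-Jetpack-Boost-Cache: miss\n"
        "Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; "
        "img-src 'self' 'unsafe-inline' 'unsafe-eval' data:;\n")
HIT = "HTTP/1.1 200 OK\nX-Jetpack-Boost-Cache: hit\nContent-Type: text/html; charset=UTF-8\n"
PAGE = "https://www.geeks-curiosity.net"
EMBED = "https://www.youtube.com/embed/VIDEO_ID"  # placeholder embed URL

def csp_policies(raw_response):
    """Return one {directive: [sources]} dict per Content-Security-Policy header."""
    policies = []
    for line in raw_response.splitlines()[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "content-security-policy":
            continue
        directives = {}
        for part in value.split(";"):
            tokens = part.split()
            if tokens:  # the first occurrence of a directive wins
                directives.setdefault(tokens[0].lower(), tokens[1:])
        policies.append(directives)
    return policies

def source_matches(source, url, page_origin):
    """Simplified CSP source matching (assumption: no ports or paths in sources)."""
    target = urlsplit(url)
    if source.startswith("'"):  # keywords: only 'self' can ever match a URL
        return source == "'self'" and f"{target.scheme}://{target.netloc}" == page_origin
    if source == "*":
        return target.scheme in ("http", "https")
    if source.endswith(":"):  # scheme-source such as https: or data:
        return target.scheme == source[:-1]
    scheme, sep, host = source.rpartition("://")
    if sep and scheme != target.scheme:
        return False
    if host.startswith("*."):
        return target.hostname.endswith(host[1:])
    return target.hostname == host

def frame_verdict(raw_response, url, page_origin):
    """Return (allowed, blocking_directive) for framing `url` from this response."""
    for policy in csp_policies(raw_response):
        # frame-src falls back to child-src, then to default-src
        name = next((d for d in ("frame-src", "child-src", "default-src") if d in policy), None)
        if name and not any(source_matches(s, url, page_origin) for s in policy[name]):
            return False, name
    return True, None
```

A response that carries more than one Content-Security-Policy header has to pass every policy, which is why `frame_verdict` returns at the first policy that blocks the frame.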
