Hello Everyone,
I have been at this for days. My form is not working on my site and this is the error message that I am getting:
Refused to load https://protontactical.com/js/all.js?275 because it does not appear in the script-src directive of the Content Security Policy.
Can someone explain to me how to write a code to fix this?
Thanks
Are you creating a form using separate code from what Blocs produces as standard? The content security policy is normally set in the htaccess file as part of header security and can be very strict or not exist at all.
Yes. I am using the Blocs form. It was actually working fine. I started getting warning from Google and Fire Fox saying that the site was not secure. The host company, Mochahost added a CSP and some other features and now the form doesn’t work.
If you are not familiar with this process I would go back to your web host and check with them. I have CSP cranked up to the max on most of my sites without problems, so I suspect it’s the other features causing problems, but it needs to be tested.
Sorry it took so long getting back to you. This is the error code: Refused to load https://protontactical.com/js/all.js?275 because it does not appear in the script-src directive of the Content Security Policy.
Since your Host setup your CSP, get them to modify it to include script-src.
Or if you are game, edit your htaccess file on your webhost to include it.
This isn’t a Blocs issue, it’s a hosting configuration.
@brechtryckaert created a great resource for understanding htaccess.
Yeah I’ve come to realize this. My former host company merged with Mochahost and the transfer has not been smooth. I am considering a jump. I’ve been back and forward with them with this as I cannot access the CSP via htaccess as I should. I have been directed to access the CSP via SSH which is a dead end.
Yeah, good hosting is worth the cost. It can be tricky when hosts are assimilated, often by larger ones.
Stick with well established hosts… and avoid GoDaddy 
I remember hosting with a company 20+ years ago, and they were just white labelling off another host, who then purchased all their customers. The backend became a mess to access for some reason after that. I moved on.
That’s exactly where I’m at.
A good host will migrate you, often for free. Makes it painless to move.
Lots of options. But in the US, I use A2Hosting. I find they are really good, been with them for some time now.
Thank You, I’ve actually just finished a conversation with support. They are addressing the htaccess matter. I will look into A2Hosting. Thanks!
You have to sign up for 36 months A2Hosting. It gets costly if you don’t.
The best thing to do is match your hosting with your demands / needs.
A lot of people just look for cheap and wonder why they have issues. But in saying that, expensive is not always the answer.
If it’s any help, I use www.ineedwebhosting.uk here in the UK. Been using them now for 10-12 years and about 10 sites with them.
A good, solid service and David, the owner is always very helpful and responsive to problems (which are mine in the making - not his!)