[#45684] - Content-Security-Policy - No valid directives found in policy
- Closed
- 3 Jul 2025
- Medium
- Build: 5.3-dev
- # 45684
Steps to reproduce the issue
I activate the plugin 'System - HTTP Header'.
Activated options on CSP tab.
Adding some directives:
- Policy Directive default-src, Value 'self', Client Both
- Policy Directive script-src, Value 'self', Client Site
- Policy Directive style-src, Value 'self' 'unsafe-inline', Client Site
- Policy Directive img-src, Value 'self' data:, Client Site
Now after scanning with securityheaders.com, I receve this warning:
Content-Security-Policy No valid directives found in policy.
Expected result
The CSP directives are interpreted
Actual result
On Header response there's no values:
content-security-policy:
content-security-policy-report-only:
System information (as much as possible)
Joomla 5.3.1
PHP 8.3.22
Additional comments
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
I configured the correct plugin parameters, but the CSP values are blank
sorry don't know what to say to help you as it works for me with the settings i have shown
Maybe it could be an option in Akeeba Admin tools that conflicts, but I haven't found it.
Not that I can see as I have admintools on that site and i dont see any option in there that would conflict
Ok, I found the guilty. The plugin 'System - GDPR' cause the problem.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2025-07-03 12:30:24 |
| Closed_By | ⇒ | mariantanase |
it is working correctly if you configure it correctly
https://securityheaders.com/?q=https%3A%2F%2Ftransitions.brianstest.site%2F&followRedirects=on