[Support request] Unrecognized Content-Security-Policy directive 'upgrade-insecure-requests'

Home Forums General issues Unrecognized Content-Security-Policy directive 'upgrade-insecure-requests'

This topic contains 8 replies, has 3 voices, and was last updated by  Mark Wolters 6 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #115203 Reply

    Janneke Wijma

    Hi!

    At Google Search Console I get the message “Unrecognized Content-Security-Policy directive ‘upgrade-insecure-requests'” for my website. I found https://googlechrome.github.io/samples/csp-upgrade-insecure-requests/, but do not know how to take it further.
    Does it has anything to do with the settings in SSL?
    I see there:
    – Je site is nog niet geconfigureerd voor de HSTS preload lijst. Lees de documentatie goed door voor je je aanmeldt. Schakel de preload lijst optie in
    – The mixed content fixer is not active on the admin panel. Enable this feature only when you have mixed content on the admin panel.

    #115221 Reply

    Mark Wolters
    Keymaster

    Hi Janneke,

    on which site are you experiencing this issue? The ‘upgrade insecure requests’ option adds that header. Could you provide me with your site address so I can have a look?

    Mark

    #115403 Reply

    This header is a valid header, but it’s possible Google does not recognize it. If you want you can disable it in settings/ssl

    #115571 Reply

    Janneke Wijma

    Hi Mark, op incosi.com.

    #115575 Reply

    Mark Wolters
    Keymaster

    The header seems to be set properly, a redirect check returns

    Content-Security-Policy: upgrade-insecure-requests;

    If Google still returns an error, you can disable the option in the plugin settings.

    Mark

    #115846 Reply

    Janneke Wijma

    Thanks! In Replace mixed content automatically?

    #115849 Reply

    Google does not return an error as such, only does not recognise it. Google has forgotten to add this header to the list of headers they know. So the error is with the Google report, not with the header.

    In settings/ssl there is a setting “upgrade insecure requests” where you can disable it.

    #152025 Reply

    Guntis Endzelis

    > In settings/ssl
    Where do I need to go to change the settings?

    #152040 Reply

    Mark Wolters
    Keymaster

    Hi Guntis,

    if you have this error you can disable the ‘Add header to force insecure requests over https’ option in Settings->SSL.

    Mark

Viewing 9 posts - 1 through 9 (of 9 total)
Reply To: Unrecognized Content-Security-Policy directive 'upgrade-insecure-requests'
Your information: