Facebook
Twitterjohnrdorazio
Basic Pleskian
I recently ran into an issue when updating the Content Security Policy in my nginx headers, using the "Additional nginx directives" textarea for a domain. I started getting an ERR_HTTP2_PROTOCOL_ERROR on Chrome and Edge, but not on Firefox. I couldn't for the life of me figure out why, for such a simple change in the headers, I had simply added a new domain to the accepted `script-src` list of domains), but I figured I would try to undo the change by removing the new domain I had added. Still no luck, still getting same error on Chrome and Edge. I was looking into all sorts of solutions on stackoverflow, which suggested turning gzip on or off, or making sure the declared size of the document corresponded with the actual size... I finally found the problem when issuing `curl -v https://mydomain.example`, I could see the newline in the middle of the Content Security Policy header. Funny thing is I couldn't see it from the Plesk interface because it was occurring right near where a natural break would have occurred anyways in the textarea. After making sure that newline character was gone, my website started responding correctly again both on Chrome and Edge.
I would suggest that the Plesk "linting" when saving the headers check for newline characters within a single header, and issue a warning if one is found. Firefox seems to not complain, but Chrome and Edge will not like it.
I would suggest that the Plesk "linting" when saving the headers check for newline characters within a single header, and issue a warning if one is found. Firefox seems to not complain, but Chrome and Edge will not like it.