• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue unconfigured CSP blocking iframe

itval

New Pleskian
Hi,
we have moved from a i-mscp vserver to a plesk 18.0.24 administered vserver. We did not configure CSP (contect security policy) yet. However when we want to show an embedded iframe the users get an CSP error (here: Firefox) that this insert was blocked.

So far the provider could not tell us where to look for settings to deactivate any (default?) CSP settings. When I have our domain checked with the Mozilla site checker:
I get the message that there is no CSP implemented and get a -25 score.

Web Application Firefall Mode = OFF

But why do we get an CSP error in the first place when loading a page with an iframe? With i-mscp all worked fine. Is this a plesk issue? Where to look?

thx for some thoughts,
Lino
 
Last edited:
would help if you let us know your OS and how your plesk is configured: only apache, apache/nginx, only nginx, something less common...
 
Back
Top