This thread is resolved. Here is a description of the problem and solution.
Problem:
The client reported issues with the Content Security Policy (CSP) affecting WPML, specifically involving directives like 'unsafe-inline', 'unsafe-eval', and 'https: URI' in default-src. These issues allow the execution of unsafe scripts and code. The client used a tool called Tenable Nessus to detect these issues and noticed errors such as 'Uncaught ReferenceError: wpml_cookies is not defined' from language-cookie.js.
Solution:
We asked the client to provide more details about the issues and to share the site debug information following our guide at https://wpml.org/faq/provide-debug-information-faster-support/. We also requested the URL or a screenshot of the errors and access credentials to the site for further investigation. We continued the conversation in a forum ticket to address the issue more securely.
If this solution does not resolve your issue, or if it seems outdated or irrelevant to your case, we highly recommend checking related known issues at https://wpml.org/known-issues/, verifying the version of the permanent fix, and confirming that you have installed the latest versions of themes and plugins. If the problem persists, please open a new support ticket at WPML support forum.
This is the technical support forum for WPML - the multilingual WordPress plugin.
Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.
This topic contains 3 replies, has 0 voices.
Last updated by 1 week, 1 day ago.
Assisted by: Carlos Rojas.
