{"id":3040,"date":"2020-06-11T10:29:01","date_gmt":"2020-06-11T08:29:01","guid":{"rendered":"https:\/\/da-software.net\/?p=3040"},"modified":"2020-06-11T10:30:58","modified_gmt":"2020-06-11T08:30:58","slug":"blocked-by-the-content-policy-csp-after-submitting-the-form","status":"publish","type":"post","link":"https:\/\/da-software.net\/en\/2020\/06\/blocked-by-the-content-policy-csp-after-submitting-the-form\/","title":{"rendered":"Blocked by the Content Policy (CSP) after submitting the form"},"content":{"rendered":"

After submitting the form in the browser, only an error message appears stating that the page is blocked due to the content policy. <\/p>\n

<\/p>\n

The error can occur if the form is embedded in the website with an iframe. After submitting, the form mail script is called and then redirected to the thank you page.<\/p>\n

\"\"<\/p>\n

What is the Content Policy (CSP)?<\/h2>\n

CSP stands for “Content Security Policy<\/a>“. In simple terms, it is a security function that prevents the content of the website from being included from another source. Specifically, it tells the browser from which servers the browser may integrate content.<\/p>\n

What does this have to do with my form?<\/p>\n

If the form is included in an iframe and the thank you page is displayed in the iframe, the error may occur if the server prevents the form from being included in a frame. You can check if your server implements this security policy at SecurityHeaders.com<\/a>.<\/p>\n

\"\"<\/p>\n

Here the website implements the CSP guideline and also prevents the inclusion of content as an iframe.<\/p>\n

Do not open thank you page in the iframe<\/h2>\n

The easiest way to work around the problem without changing the server configuration itself is not to display the thank you page in the iframe itself.<\/p>\n

\"\"<\/p>","protected":false},"excerpt":{"rendered":"

After submitting the form in the browser, only an error message appears stating that the page is blocked due to<\/p>\n","protected":false},"author":1,"featured_media":661,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[202],"tags":[204,90,203],"class_list":["post-3040","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-faq-and-support","tag-browser","tag-form","tag-support"],"_links":{"self":[{"href":"https:\/\/da-software.net\/en\/wp-json\/wp\/v2\/posts\/3040","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/da-software.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/da-software.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/da-software.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/da-software.net\/en\/wp-json\/wp\/v2\/comments?post=3040"}],"version-history":[{"count":0,"href":"https:\/\/da-software.net\/en\/wp-json\/wp\/v2\/posts\/3040\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/da-software.net\/en\/wp-json\/wp\/v2\/media\/661"}],"wp:attachment":[{"href":"https:\/\/da-software.net\/en\/wp-json\/wp\/v2\/media?parent=3040"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/da-software.net\/en\/wp-json\/wp\/v2\/categories?post=3040"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/da-software.net\/en\/wp-json\/wp\/v2\/tags?post=3040"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}