I just wanted to share with you on the subject because I spent 3 days searching and testing this problem until I found a solution. I wish to share my solution with you. (I'm a self-taught web designer, not a professional.)
Context: I was asked to update a 2009~2012 post-type WordPress website, to add a landing page for a promotional campaign, designed for phones, and mobile-first.
I built the landing page in WordPress, added a Revolution Slider, then tested it. It was beautiful on every desktop and Droid phone. But it didn't work on Safari iOS. All inline scripts and inline CSS didn't work at all, shortcodes too. I received the error "Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' appears in neither the style-src directive nor the default-src directive of the Content Security Policy".
I tried deactivating all the plugins one by one, and I searched 90 pages and forums to find out why it didn't work on Safari and how to solve it. I found out I needed to edit the Content-Security-Policy. I tried adding the cache plugin W3 Total Cache to use its Content-Security-Policy setting. Even though it had a place to add and modify the CSP, it didn't make any change to the original code, as it didn't have the authorization to do it. I tried adding this:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
But it didn't do anything. I must say I am working with an old website I did not build.
To solve my problem, I opened the .htaccess file and added this code to be the most permissive iOS browser ever.
#Header unset Content-Security-Policy
#Header add Content-Security-Policy "default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss:"
#Header unset X-Content-Security-Policy
Header add X-Content-Security-Policy "default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss:"
Header unset X-WebKit-CSP
Header add X-WebKit-CSP "default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss:"
Everything worked and I receive no error code from iOS. I know the website might be insecure now, but I do not think anybody would ever attack this website, because it is so small in the Internet universe.
Please do not be harsh with me, I just want to share with you my solution, even though it might not be the best and a professional would have found out easily, I wrote it down for those like me who are self-taught web designers and learn every day by fixing bugs. Sorry for the typos, I'm an FR Quebecker.
Thank you Stack Overflow!
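Added example, not part of the original post: the error quoted above names three ways an inline block can be allowed (its hash, its nonce, or 'unsafe-inline'). This Python sketch computes the hash form for each inline `<style>` and `<script>` element so a policy can stay at `'self'` plus hashes. The sample page, the `/js/app.js` path and all function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Constructed sample page (not taken from the post's website).
SAMPLE = """<html><head>
<style>.hero{color:red}</style>
<script src="/js/app.js"></script>
<script>var slider = 1;</script>
</head><body><div style="margin:0">hi</div></body></html>"""

class InlineCollector(HTMLParser):
    """Collects inline <style>/<script> bodies and counts style="" attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.blocks = {"style": [], "script": []}
        self.style_attrs = 0
        self._open = None  # tag whose inline body is currently being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if "style" in attrs:
            self.style_attrs += 1
        # External scripts (src=...) are covered by host sources, not hashes.
        if tag == "style" or (tag == "script" and "src" not in attrs):
            self._open = tag
            self.blocks[tag].append("")

    def handle_data(self, data):
        if self._open:
            self.blocks[self._open][-1] += data  # body may arrive in chunks

    def handle_endtag(self, tag):
        if tag == self._open:
            self._open = None

def csp_hash(text):
    """CSP hash source: base64 SHA-256 of the element's exact text content."""
    digest = hashlib.sha256(text.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

def build_policy(html):
    """Return (policy string, number of style="" attributes found)."""
    c = InlineCollector()
    c.feed(html)
    c.close()
    style = " ".join(["'self'"] + [csp_hash(b) for b in c.blocks["style"]])
    script = " ".join(["'self'"] + [csp_hash(b) for b in c.blocks["script"]])
    policy = f"default-src 'self'; style-src {style}; script-src {script}"
    return policy, c.style_attrs
```

Element hashes do not cover `style="..."` attributes, which is why the function reports their count separately: those need to move into a stylesheet, or be allowed with CSP Level 3's `'unsafe-hashes'`. A hash also stops matching as soon as a single byte of the inline block changes, whitespace included.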