System Report CSS errors

Refused to load because it appears in neither the style-src directive nor the default-src directive of the Content Security Policy.

According to chatGPT this error message indicates that the Content Security Policy (CSP) of the website you are trying to access is blocking the loading of the file “/c/6.2/wp-admin/css/themes.min.css” because it is not included in either the “style-src” directive or the “default-src” directive.

A CSP is a security feature that is implemented by a website to prevent cross-site scripting (XSS) attacks by specifying which sources of content are allowed to be loaded. The “style-src” directive specifies which sources are allowed to be used for CSS stylesheets, while the “default-src” directive specifies the default sources for all content types.

To resolve this issue, the website owner needs to update the CSP to include the" file in either the “style-src” or “default-src” directive. If you do not own the website, you may need to contact the website owner or the webmaster to resolve this issue.

I can’t believe this was resolved by adding the line

force_ssl = 1

to common.config.ini.php as this should be the default?

Indeed, the CSP errors persist in wp-admin/admin.php?page=matomo-summary

Hi @tomcoady

The CSP rules checks the resource full address. As http:// is different than https://, browser can reject the CSS either the page or the CSS is on http:// and the other one on https://.
Be sure the CSS and WP admin page are on the same servers or the admin page declares the CSS resource as safe (using Content-Security-Policy HTTP header or <meta http-equiv="Content-Security-Policy"... tag in the HTML <head>).