nliautaud / p01contact

Create contact forms by writing simple tags. Also a plugin for GetSimple and Pico CMS.
MIT License

Random Checkbox Appears with CSP added to webpage #70

Open JoshuaPettus opened 1 year ago

JoshuaPettus commented 1 year ago

Here is a random one I was wondering if someone could shine some light on what's going on. In the interest of security and getting an A+ in Mozilla's Observatory, I added a basic CSP header to my picocms webpage. Thing is, when I do this, a random checkbox is added to the bottom of my form above the send button. This checkbox has no text or anything. When it's checked, it stops the form from going through. My first thought was that somehow the honeypot was showing, so I turned it off, but it's still there. Clearly it's something wrong with my implementation that's affecting the p01contact plugin. I'm using Nginx and PHP 8.1. Here is the header I added:

add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-src https://SiteINeedanIframeFrom.com; frame-ancestors 'none'" always;

Any ideas?

JoshuaPettus commented 1 year ago

It turns out it was indeed the honeypot being forced visible with the Content-Security-Policy, even if it's marked disabled in the config. As I already had a captcha field in place, I just opted to comment out the code in the plugin that displayed the honeypot.
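
How a policy like the one in this thread can expose a hidden field, as an added example that is not part of the original thread or of p01contact's code: the checker below parses a CSP value, flags source expressions with an unbalanced quote, and reports whether inline styles are applied. It assumes the honeypot is hidden with an inline `style` attribute (not confirmed on this page); the policy string, the `frames.example` host and all function names are constructed for illustration.

```python
import re

# Keywords, nonces and hashes must be wrapped in single quotes on both sides.
QUOTED = re.compile(r"^'[A-Za-z0-9+/=_-]+'$")
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)", re.I)

# Constructed policy shaped like the header in the thread (host is a placeholder).
SAMPLE_POLICY = ("default-src 'none'; script-src 'self'; connect-src 'self'; "
                 "img-src 'self'; style-src 'self'; base-uri 'self'; "
                 "form-action 'self'; frame-src https://frames.example; "
                 "frame-ancestors 'none'")

def parse_csp(policy):
    """Split a CSP header value into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # When a directive is repeated, browsers honour the first occurrence.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def malformed_sources(directives):
    """Return (directive, token) pairs whose single quotes are unbalanced."""
    return [(name, tok) for name, sources in directives.items()
            for tok in sources if "'" in tok and not QUOTED.match(tok)]

def inline_style_allowed(directives):
    """True if style="..." attributes would still be applied under the policy."""
    # Fallback chain for style attributes: style-src-attr, style-src, default-src.
    for name in ("style-src-attr", "style-src", "default-src"):
        if name in directives:
            sources = [s.lower() for s in directives[name]]
            # A nonce or hash in the list makes browsers ignore 'unsafe-inline'.
            if any(NONCE_OR_HASH.match(s) for s in sources):
                return False
            return "'unsafe-inline'" in sources
    return True  # no directive governs styles, so nothing is blocked

if __name__ == "__main__":
    parsed = parse_csp(SAMPLE_POLICY)
    print("inline styles applied:", inline_style_allowed(parsed))
    print("malformed sources:", malformed_sources(parsed))
```

Under that assumption, moving the hiding rule into a stylesheet served from the site's own origin keeps the field hidden without loosening `style-src 'self'`.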