Content Security Policy
-
I am trying to write a Content-Security-Policy but am having trouble finding a solution online to solve the inline script issue. I do not want to use ‘unsafe-inline’ as this defeats the purpose of having a CSP in the first place. The best option I have seen seems to be using nonces, however, I am struggling to find a detailed description of how these can be implemented correctly. A lot mention that there was a WordPress patch that added new filters that allowed for nonces etc but they never seem to explain how I use these filters and tags. I am not adept at the coding side of websites but I can understand how to get things done if I’m told where to go. I have access to the .htaccess file and have written a CSP already but, as I’ve mentioned, this does not take care of the inline script issue. Any assistance from WordPress devs or people that have successfully managed to write a working CSP that accounts for dynamic scripts would be greatly appreciated.
WP.com: Yes
Correct account: YesThe blog I need help with is: (visible only to moderators and staff)
-
Hi! Just to check, was this regarding a website that you’re hosting here on WordPress.com?
If this was in regards to a different site, feel free to share the URL; please bear in mind that we are able to help with sites that are hosted here with us on WordPress.com, but for sites using the WordPress software from WordPress.org, there is a community forum at this address:
https://wordpress.org/support/forums/
- The topic ‘Content Security Policy’ is closed to new replies.
WordPress.com Forums 