[wp-trac] [WordPress Trac] #39941: Allow using Content-Security-Policy without unsafe-inline
WordPress Trac
noreply at wordpress.org
Thu May 31 21:29:13 UTC 2018
#39941: Allow using Content-Security-Policy without unsafe-inline
-------------------------+--------------------------
Reporter: tomdxw | Owner: johnbillion
Type: enhancement | Status: accepted
Priority: normal | Milestone: 5.0
Component: Security | Version: 4.8
Severity: normal | Resolution:
Keywords: | Focuses: javascript
-------------------------+--------------------------
Comment (by RagnarKarlsson):
Has consideration been made to hook this, so that nonces can be included
within security plugins (such as NinjaFirewall) which set a full CSP?
Adding the header with just the script-src element as per the example
plugin would be overwritten if a subsequent CSP is defined in a second
header.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39941#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform