[wp-trac] [WordPress Trac] #38536: Hook/Function to Set Content-Security-Policy
WordPress Trac
noreply at wordpress.org
Thu Oct 27 20:51:07 UTC 2016
#38536: Hook/Function to Set Content-Security-Policy
--------------------------+-----------------------------
Reporter: bhubbard | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
I would like to see a function to set the Content-Security-Policy header.
I believe it should be in core so plugins and themes can hook into to set
the whitelist domains/urls. By having it in core would allow the function
to prevent duplicates. Maybe default to using any script enqueued on page
load?
Further Reading:
https://scotthelme.co.uk/content-security-policy-an-introduction/
https://securityheaders.io
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38536>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list