[wp-trac] [WordPress Trac] #39941: Allow using Content-Security-Policy without unsafe-inline

WordPress Trac noreply at wordpress.org
Tue Feb 6 15:02:33 UTC 2018


#39941: Allow using Content-Security-Policy without unsafe-inline
-------------------------+--------------------------
 Reporter:  tomdxw       |       Owner:  johnbillion
     Type:  enhancement  |      Status:  accepted
 Priority:  normal       |   Milestone:  5.0
Component:  Security     |     Version:  4.8
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  javascript
-------------------------+--------------------------

Comment (by jrchamp):

 @tomdxw I really like the idea here for inline. Can we extend it to
 external scripts too? 'strict-dynamic' seems to be the gold standard.
 https://www.w3.org/TR/CSP3/#strict-dynamic-usage

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39941#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list