[wp-trac] [WordPress Trac] #39941: Allow using Content-Security-Policy without unsafe-inline
WordPress Trac
noreply at wordpress.org
Mon Jul 8 21:01:59 UTC 2019
#39941: Allow using Content-Security-Policy without unsafe-inline
-------------------------------------------------+-------------------------
Reporter: tomdxw | Owner:
| johnbillion
Type: enhancement | Status: accepted
Priority: normal | Milestone: Future
| Release
Component: Security | Version: 4.8
Severity: normal | Resolution:
Keywords: has-patch needs-refresh 2nd-opinion | Focuses: javascript
-------------------------------------------------+-------------------------
Comment (by epicfaace):
What if we instead created a nonce that is only used for scripts loaded
from WordPress Core, and thus cannot be accessed by the developer for use
by arbitrary scripts? What do you think, @jadeddragoon and others?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39941#comment:34>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list