[wp-trac] [WordPress Trac] #51438: Use CSP directive upgrade-insecure-requests when using HTTPS
WordPress Trac
noreply at wordpress.org
Thu Oct 8 05:29:36 UTC 2020
#51438: Use CSP directive upgrade-insecure-requests when using HTTPS
------------------------------------------+------------------------------
Reporter: flixos90 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses:
------------------------------------------+------------------------------
Comment (by ayeshrajans):
Given that multiple CSP headers/meta tags will only further restrict the
effective policy, I think this will be a change that would not overwrite
if there is a CSP header sent at the web server level.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51438#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list