[wp-trac] [WordPress Trac] #39941: Allow using Content-Security-Policy without unsafe-inline
WordPress Trac
noreply at wordpress.org
Sat Oct 30 10:03:56 UTC 2021
#39941: Allow using Content-Security-Policy without unsafe-inline
-------------------------------------------------+-------------------------
Reporter: tomdxw | Owner:
| adamsilverstein
Type: enhancement | Status: closed
Priority: normal | Milestone: 5.7
Component: Security | Version: 4.8
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests commit | Focuses: javascript
has-dev-note |
-------------------------------------------------+-------------------------
Comment (by enricocarraro):
Replying to [comment:105 scofennell@…]:
> Am I missing something?
I think WordPress should give the option to use strict CSP to the users
who want it, I can imagine that dynamic websites like e-commerces would at
least consider implementing it for the most sensitive pages.
On caching: full page caching is not the only option, but I get that for
mostly-static websites it is the best bang for your buck.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39941#comment:106>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list