• Resolved danrancan

    (@danrancan)


    Hi, I am trying to create a strict Content Security Policy (CSP) in my Nginx configuration, and I want to be sure that any outside sources that this plugin uses are included in my policy.

    In my Nginx virtual hosts server block, I am starting off with the following strict Content Security Policy (Header):

    add_header Content-Security-Policy "default-src 'self';";

    Is there anything that THIS PLUGIN uses that isn’t included in ‘self’, that would need to be included in a strict content security policy header?

    If so, could you please tell me what else I need to include in my Nginx header (specifying img-src rules, style-src rules, script-src rules, connect-src rules, and any other etc-src rules) to keep a strict CSP while still allowing this plugin to be fully functional? Thanks so much for any help!

    • This topic was modified 1 year, 4 months ago by James Huff.
    • This topic was modified 1 year, 4 months ago by James Huff. Reason: wikipedia excerpt removed
Viewing 1 replies (of 1 total)
  • Plugin Support Nami

    (@woonami)

    Hi there @danrancan,

    Thank you for writing in our forum! This topic is outside of our support scope since it deals with modification and customization of the plugin, but I highly encourage you to reach out to other Woo communities about this:

    You may also check out other resources and look up by keywords such as “Security headers CSP WordPress plugin” and see if you may find something that fits your objectives there.

    Thanks for choosing Woo!

  • The topic ‘Using a Strict Content Security Policy while allowing woocommerce Plugin to work’ is closed to new replies.
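
One way to answer the question in this thread empirically, as an added example that is not from either poster or from the plugin's authors: serve the policy as `Content-Security-Policy-Report-Only` with a `report-uri`, exercise the shop, then aggregate the violation reports into candidate directives. The sample reports and their hosts are constructed placeholders, and the function names are hypothetical.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample reports in the legacy report-uri JSON format.
# Hosts are placeholders, not sources any real plugin is known to use.
SAMPLE_REPORTS = [
    '{"csp-report": {"effective-directive": "script-src-elem", "blocked-uri": "https://cdn.example.net/lib.js"}}',
    '{"csp-report": {"effective-directive": "img-src", "blocked-uri": "https://img.example.org/p/1.png"}}',
    '{"csp-report": {"effective-directive": "img-src", "blocked-uri": "data"}}',
    '{"csp-report": {"violated-directive": "style-src-attr", "blocked-uri": "inline"}}',
    'not json',
]

def source_for(blocked_uri):
    """Return a CSP source expression for a blocked-uri, or None if it needs manual review."""
    if blocked_uri in ("data", "blob"):
        return blocked_uri + ":"
    parts = urlsplit(blocked_uri)
    if parts.scheme == "https" and parts.hostname:
        return "https://" + parts.netloc
    return None  # inline, eval, plain http: never allow-listed automatically

def summarize(raw_reports):
    """Group violations into (candidate sources, items to review), keyed by directive."""
    needed, review = defaultdict(set), defaultdict(set)
    for raw in raw_reports:
        try:
            report = json.loads(raw)["csp-report"]
            directive = (report.get("effective-directive") or report["violated-directive"]).split()[0]
            blocked = report["blocked-uri"]
            source = source_for(blocked)
        except (ValueError, KeyError, TypeError, IndexError, AttributeError):
            continue  # reports are unauthenticated input; drop anything malformed
        # script-src-elem / style-src-attr are folded into the base directive
        directive = directive.removesuffix("-elem").removesuffix("-attr")
        (needed if source else review)[directive].add(source or blocked)
    return needed, review

def build_policy(needed):
    """Render default-src 'self' plus every directive that needs extra sources."""
    parts = ["default-src 'self'"]
    for directive in sorted(needed):
        # A specific directive replaces the default-src fallback, so 'self' is repeated.
        parts.append(directive + " 'self' " + " ".join(sorted(needed[directive])))
    return "; ".join(parts)

if __name__ == "__main__":
    needed, review = summarize(SAMPLE_REPORTS)
    print(build_policy(needed))
    print("review manually:", dict(review))
```

Anyone can post to a report endpoint, so the output is a list of candidates to verify against the site's own pages before any source goes into the enforced header.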