Improvement suggestions for scripts and assets

  • Resolved karlemilnikka

    (@karlemilnikka)


    1 year, 3 months ago

    Hi.

    I wonder if you could consider making two improvements to the Presto Player? I’d like to submit them as feature requests.

    First, some Presto Player assets are loaded on pages without any Presto Player blocks. Please load the assets conditionally.

    Second, Presto Player adds insecure inline-scripts, making Presto Player incompatible with secure CSPs (we must add the unsafe-inline attribute to our sites’ CSPs). Please move all scripts to files. If that requires too much work, please enqueue them so that their attributes are filterable with wp_script_attributes, introduced in WordPress 5.7.

    If you add the scripts as files, you make Presto Player compatible with static secure CSPs. If you add the scripts inline though filterable with wp_script_attributes, you make Presto Player compatible with dynamic CSPs (which is better than nothing).

    Best regards
    Karl Emil Nikka

Viewing 1 replies (of 1 total)
  • Plugin Author Andre Gagnon

    (@2winfactor)

    Hi Karl,

    First off, thank so much for your request. We’ll definitely have to take this into consideration. Secure CSPs post a challenge to web components in a library we use, so we will have to take that into account, too.

    Any other questions or thoughts on this, please to let me know.

Viewing 1 replies (of 1 total)
  • The topic ‘Improvement suggestions for scripts and assets’ is closed to new replies.