A lot of mistakes in the generated CSP

  • There are a lot mistakes in the generated Content-Security-Policy statement. It fails to insert the blob and data directives. It adds a semicolon and double quote at the end of the line that shouldn’t be there.

    The only thing this plugin is really good for is the report page.

Viewing 1 replies (of 1 total)
  • Plugin Author Milan Petrovic

    (@gdragon)

    The policy is tested with various tools, and the headers are all OK. The headers fail only if the added rules are invalid, and I see in the forums that a lot of users are setting invalid rules, and then blame the plugin for errors. If you can provide the information on how you have set the plugin exactly and how it has failed, I might be able to check it out.

Viewing 1 replies (of 1 total)
  • The topic ‘A lot of mistakes in the generated CSP’ is closed to new replies.