Can’t get it working at all

  • Resolved Jon Brown

    (@jb510)


    3 years, 7 months ago

    I can’t seem to get this to output anything. The only directive I’ve added is for
    Policy: report-to to which I’ve added my report-uri url.

    Viewing source, clearing/bypassing cache I don’t see anything CSP added to the source.

    Feature suggestions.
    1) Option to apply same CSP to admin/logged-in/front-end. It’s super obnoxious to replicate settings for all 3 separately, and took me a while to even realize “logged-in and Frontend” were there at the bottom.
    2) A tabbed interface for admin/logged-in/front-end. I suspect this is maybe what was alluded to in the 1.1 change log… but #1 ought to be even more important.
    3) An “add permissive settings as defaults” button. Yes, CSPs should be restrictive, but a lot of people are just going to want a CSP and want ot to be fully permissive (allow everything) then restrict things down one by one.

    It’s super daunting to me to start with WP sites by generating very restrictive CSP. There are always pages that break when I do that, so way more reliable to setup a wide open policy, then report on it… then slowly lock things down and look for breakage.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Jon Brown

    (@jb510)

    Ok, I’m dumb. I forget CSP only shows in the actual HTTP response header, not head. For some reason I remember seeing head tags with CSPs in them, guess I’m just confused there.

    This is working… just oddly not reporting any data to report-URI.

    Plugin Author Patrick Sletvold

    (@16patsle)

    Hi, and sorry for not answering (I noticed you seemed to find a solution before I saw your post).

    Thanks fpr the suggestions, they are greatly appreciated. Suggestion #2 should be resolved by the collapsible sections I’ve been implementing on the development branch, but I will note down the others and see if I can add them in the future. Due to computer issues I have been unable to do proper WordPress development the last while, but hopefully this should be resolved soon.

    Best regards,
    Patrick Sletvold

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Can’t get it working at all’ is closed to new replies.