• This plugin uses dynamic ‘unsafe-inline’ javascript.

    The jetpackCarouselStrings variable has at least 2 values that are dynamic:
    * nonce
    * login_url

    That prevents us from calculating a sha-hash
    and putting it in the ‘Content-Security-Policy’.

    Could the data be delivered to the script in a CSP-friendly way?

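The problem raised in the post, and one CSP-friendly delivery pattern, as an added example (not code from the post or from the plugin). It shows that the hash of an inline script changes whenever nonce or login_url change, while a non-executed JSON data block plus a static reader script keeps the hashed bytes constant. The element id `carousel-data`, the helper names and the sample values are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// CSP hash source for an inline script body: 'sha256-<base64 digest>'
function cspHash(scriptBody) {
  const digest = crypto.createHash('sha256').update(scriptBody, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Pattern from the post: per-request values embedded in executable inline JS,
// so the script body (and therefore its hash) differs on every page load.
function inlineWithData(data) {
  return `var jetpackCarouselStrings = ${JSON.stringify(data)};`;
}

// Alternative: the values travel in a JSON data block. A script element with
// type="application/json" is never executed, so script-src does not apply to it.
function dataBlock(data) {
  // Escape "<" so a value cannot close the script element early.
  const json = JSON.stringify(data).replace(/</g, '\\u003c');
  return `<script type="application/json" id="carousel-data">${json}</script>`;
}

// The executable part is now static: it can be hashed once, or served as an
// external file under script-src 'self'.
const STATIC_READER =
  "var jetpackCarouselStrings = JSON.parse(document.getElementById('carousel-data').textContent);";

// Stand-in for what STATIC_READER does in the browser (no DOM in Node).
function readDataBlock(html) {
  const m = html.match(/<script type="application\/json" id="carousel-data">([\s\S]*?)<\/script>/);
  return JSON.parse(m[1]);
}

// Constructed sample values for two different page loads.
const req1 = { nonce: 'a1b2c3d4e5', login_url: 'https://example.test/wp-login.php?redirect_to=%2Fpost-1' };
const req2 = { nonce: 'f6a7b8c9d0', login_url: 'https://example.test/wp-login.php?redirect_to=%2Fpost-2' };

console.log('inline, load 1:', cspHash(inlineWithData(req1)));
console.log('inline, load 2:', cspHash(inlineWithData(req2)));
console.log('static reader :', cspHash(STATIC_READER));
console.log('data, load 1  :', readDataBlock(dataBlock(req1)));
```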