CSP and unsafe-inline

  • Resolved islp

    (@islp)


    6 years, 4 months ago

    I tried to understand if it does but I’m not sure: does WPMembers use inline JS? I need to know it because I’m trying not to declare unsafe-inline and unsafe-eval in my website Content security policy.

    If so, would it be possible to remove inline JS from future WPMembers versions?

    • This topic was modified 6 years, 4 months ago by islp.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Chad Butler

    (@cbutlerjr)

    does WPMembers use inline JS?

    Yes – it does.

    If so, would it be possible to remove inline JS from future WPMembers versions?

    I won’t say no, but can’t promise that either. I’ll look into the possibility of applying a hook that can turn it off, but stuff that is inline is primarily there because it is variable based on specific criteria. Otherwise it would be included in the js file(s).

    Thread Starter islp

    (@islp)

    Hi Chad, thanks for your kind reply.

    Maybe this problem should be solved at the WP core level (by using nonces or hashes).

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘CSP and unsafe-inline’ is closed to new replies.