Honeypot textarea visible with strict CSP header

  • Resolved 4a4b

    (@4a4b)


    5 months, 4 weeks ago

    Hi,

    With a strict content security policy the inline CSS of the honeypot is ignored by the browser and the textarea becomes visible. This is the case for example with this HTTP header:

    Content-Security-Policy: default-src 'self';

    As a workaround I have moved the inline CSS to an external css file:

    /* Antispam-Bee */
textarea#comment {
  padding: 0 !important;
  clip: rect(1px, 1px, 1px, 1px) !important;
  position: absolute !important;
  white-space: nowrap !important;
  height: 1px !important;
  width: 1px !important;
  overflow: hidden !important;
}

    Maybe the Antispam Plugin could itself include such a CSS file (additionally to the inline CSS) so the honeypit textarea remains hidden with a strict CSP header?

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.