• Resolved Ambyomoron

    (@josiah-s-carberry)


    I note that the database table ‘seasp_site_settings’ contains a column called ‘nonce_enabled’. I don’t see where the plugin manages nonces. What purpose does this column serve?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author bluetriangle

    (@bluetriangle)

    Hey there, thanks for reaching out! We’ll check into this and get back with you as soon as possible.

    Hey there, this field is to support a future nonce feature. It needs a bit more testing before we can go live with it, but I can give you an idea of what it is going to be.
    1. Users will be able to manually add nonces to specific directives.
    2. The plugin will generate a WordPress nonce that can be appended to your file names. The user will have to give a name to the nonce.

    Thank you for taking an interest in our plugin. I am glad you are really digging into the nuts and bolts. Would you mind leaving us a review?
    Also, there is an update today! Please let us know what you think.

    This next update to the plugin will include WordPress admin alerts, and we fixed a bug where some domains were not getting entered correctly. We also added an opt-in for plugin usage data collection.

    Thread Starter Ambyomoron

    (@josiah-s-carberry)

    To the extent that such nonces help avoid ‘unsafe-inline’ values for directives, that will be a very welcome addition.

    I agree. I am also looking into adding support for SHA-256 hashes to avoid having unsafe inline for scripts. I am looking for a way to scrape those from the browser console when they are generated. Have not found a way yet, though. For now I think those will be manual entry in the coming update’s new interface.

    Thread Starter Ambyomoron

    (@josiah-s-carberry)

    Either that, or reproducing the same algorithm as used by the browser.

  • The topic ‘Nonce management?’ is closed to new replies.