• Though I see what needs to be done, I am not sure how you would implement changes on dynamically built pages in WordPress that are mostly plugin driven.

    Please help me understand the use and implementation.

    I have style-src and script-src with unsafe inlines now, and my security team wants them to not be unsafe inline.

    Thanks in advance.

Viewing 1 replies (of 1 total)
  • Plugin Author Giuseppe

    (@mociofiletto)

    Hi @fscalzo, thanks for your interest in the plugin.
    What the plugin tries to do can be explained in this way:
    It reads the page just before the WP process shuts down PHP execution and captures all scripts and styles.
    Then, it checks if scripts and styles are allowed (whitelisted) or if they seem to be generated by the same code of whitelisted clustered scripts or styles (this means that it checks if those found in the page are similar to whitelisted ones).
    If scripts and styles are allowed, they will be included in the CSP.
    At this point the plugin sends the HTTP header with the CSP, and then the modified page (with nonces or integrity hashes included).

    Please note that this plugin is very young and I am still working on its code.
    If you experience some issues or you detect bugs, report those on GitHub.
    Anyway, before using it in production, I really suggest you check for any working or performance issues in a test environment.
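
The flow described in the reply above (capture the page output, check each inline script and style against an allow-list, then send the CSP header), as an added PHP example that is not the plugin's code. It matches by exact SHA-256 hash only, with no similarity clustering or nonce rewriting; the function names, the allow-list and the sample page are assumptions made for illustration.

```php
<?php
/** CSP hash source ('sha256-...') for the exact text of one inline block. */
function csp_hash_source(string $content): string {
    return "'sha256-" . base64_encode(hash('sha256', $content, true)) . "'";
}

/** Bodies of inline <script> or <style> elements; <script src=...> is skipped. */
function inline_blocks(string $html, string $tag): array {
    $re = '#<' . $tag . '\b(?![^>]*\bsrc\s*=)[^>]*>(.*?)</' . $tag . '\s*>#is';
    preg_match_all($re, $html, $m);
    return array_values(array_filter($m[1], fn($b) => trim($b) !== ''));
}

/** Returns [policy string, hashes of inline blocks that were not allow-listed]. */
function build_csp(string $html, array $allowed): array {
    $policy  = ['script-src' => ["'self'"], 'style-src' => ["'self'"]];
    $blocked = [];
    foreach (['script' => 'script-src', 'style' => 'style-src'] as $tag => $dir) {
        foreach (inline_blocks($html, $tag) as $body) {
            $src = csp_hash_source($body);
            if (in_array($src, $allowed, true)) {
                $policy[$dir][] = $src;   // known block: permit by hash
            } else {
                $blocked[] = $src;        // unknown block: the browser will refuse it
            }
        }
    }
    $parts = [];
    foreach ($policy as $dir => $sources) {
        $parts[] = $dir . ' ' . implode(' ', array_unique($sources));
    }
    return [implode('; ', $parts), $blocked];
}

// Constructed allow-list: hashes of inline code reviewed in a test environment.
$allowed = [csp_hash_source('console.log("menu ready");'), csp_hash_source('body{margin:0}')];

// Buffer the whole page so the header can still be sent after the HTML is known.
ob_start(function (string $html) use ($allowed): string {
    [$csp, $blocked] = build_csp($html, $allowed);
    if (!headers_sent()) header('Content-Security-Policy: ' . $csp);
    foreach ($blocked as $src) error_log('CSP: inline block not allow-listed: ' . $src);
    return $html;
});

// Constructed sample page: two allow-listed blocks and one unknown script.
echo '<html><head><style>body{margin:0}</style></head><body>'
   . '<script>console.log("menu ready");</script>'
   . '<script>document.title = "changed";</script></body></html>';
```

Because the policy no longer contains `'unsafe-inline'`, the third script in the sample page is blocked by the browser and its hash is written to the PHP error log for review.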

  • The topic ‘not sure how you would implement’ is closed to new replies.