Adding nonce keys in CSP header | ww.wp.xz.cn

wpbackend
(@wpbackend)

1 year, 11 months ago
Hi,

Can you please mention how to create nonce key and add it in csp header script src and relative attributes in the script call as well?

ex: script-src ‘nonce-fgggg’ ‘strict-dynamic’ ….
- This topic was modified 1 year, 11 months ago by wpbackend.

Viewing 4 replies - 1 through 4 (of 4 total)

Moderator threadi
(@threadi)

1 year, 11 months ago

If you want to configure this yourself, it depends on which hosting environment you are running. Take a look at this article: https://wp-techsupport.com/implementing-content-security-policy-csp-wordpress/

However, there are also plugins that can help with this. Some security plugins have tools for this: https://ww.wp.xz.cn/plugins/tags/security/

And then there are some like this: https://ww.wp.xz.cn/plugins/cookies-and-content-security-policy/

Thread Starter wpbackend
(@wpbackend)

1 year, 10 months ago

The issue is not resolved. when using customized nonces, it is showing errors for cf7 and refuce to load the script

Moderator threadi
(@threadi)

1 year, 10 months ago

How did you configure the details and what do they currently look like?
Thread Starter wpbackend
(@wpbackend)

1 year, 10 months ago
In our website I am using jquery min and contact form 7 as well. Our facing issue is adding csp with nonces. How it can be implemented?

Is this nonce key used for all scripts? Need to use anywhere in the site?

while adding console issue is coming with ‘wpcf7 is not defined’ as it is uses inline script. Functionally we have to remove unsafe-inline right? It we remove, it will break the scripts
- This reply was modified 1 year, 10 months ago by wpbackend.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Adding nonce keys in CSP header’ is closed to new replies.

In: Developing with WordPress
4 replies
2 participants
Last reply from: wpbackend
Last activity: 1 year, 10 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics