• Anonymous User 14978628

    (@anonymized-14978628)


    Hi,

    I just set up my content security policy and checked it with https://securityheaders.io/ as recommended on your website.

    The scan gave me a warning about ‘unsafe-inline’ and ‘unsafe-eval’ being dangerous. I’m not quite sure what this means, but from what I understand this relates to loading over HTTP instead of HTTPS? Is that correct? Before, when I had “allow eval” unchecked, my visual editor didn’t work.

    I have also whitelisted permitted hosts and domains as below. Is it correct that I don’t need to specify my own domain name due to the “allow ‘self’ directive” being enabled?

    And do I need to include the domains I’ve whitelisted, such as for a social bookmarking plugin (Facebook, Twitter, etc.), the WordPress domains for the admin area, and the schema.org domain for meta text?

    https://fonts.googleapis.com
    *.schema.org
    *.i.ytimg.com
    *.youtube.com
    *.youtu.be
    *.facebook.com
    *.twitter.com
    https://plus.google.com
    *.reddit.com
    https://codex.ww.wp.xz.cn

    Home


    https://www.google-analytics.com

    Thanks

The topic ‘Content Security Policy’ is closed to new replies.