• Hi,

    I am trying to apply Content-Security-Policy headers on my hosted WordPress site. I found that applying script-src 'unsafe-inline' directive will disable JavaScript and cause some pages to go blank.
    1) Is there a correct option for this specific directive to improve security?
    2) Is there any other advice regarding JavaScript security (not involving plugins) for WordPress?

    Thanks

    • This topic was modified 6 years, 4 months ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not an Everything else WordPress topic


Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    You would need to specify all JS sources expected on any page, not just to allow inline script only. Include 'self' and any external script sources, such as for Google Analytics, etc. You can use the network developer tool of your browser to help determine all external script requests for a page.

    Not specific for JS, the Hardening WordPress article has many possible security measures you might want to consider.
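
The approach in the reply above, as an added example that is not part of the original thread: it reads a HAR file saved from the browser's network tool and builds a `script-src` directive from every script origin seen. The function name `buildScriptSrc`, the site `https://example.com` and the sample entries are assumptions constructed for illustration.

```javascript
// Constructed sample: a trimmed HAR export (log.entries) for one page load.
const sampleHar = {
  log: {
    entries: [
      { request: { url: 'https://example.com/wp-includes/js/jquery/jquery.min.js' },
        response: { content: { mimeType: 'application/javascript' } } },
      { request: { url: 'https://www.googletagmanager.com/gtag/js?id=G-PLACEHOLDER' },
        response: { content: { mimeType: 'application/javascript' } } },
      { request: { url: 'https://www.google-analytics.com/analytics.js' },
        response: { content: { mimeType: 'text/javascript; charset=UTF-8' } } },
      { request: { url: 'https://example.com/wp-content/themes/site/style.css' },
        response: { content: { mimeType: 'text/css' } } },
    ],
  },
};

// Hypothetical helper: returns a script-src directive listing 'self' plus
// the origin (scheme, host, port) of every external script response.
// Inline scripts never appear as network requests, so they are not covered.
function buildScriptSrc(siteOrigin, har) {
  const site = new URL(siteOrigin).origin;
  const external = new Set();
  for (const entry of har.log.entries) {
    const mime = (entry.response?.content?.mimeType || '').toLowerCase();
    if (!/(java|ecma)script/.test(mime)) continue; // keep script responses only
    let url;
    try {
      url = new URL(entry.request.url);
    } catch {
      continue; // malformed URL in the export
    }
    // data: and blob: URLs have no origin that can be allow-listed by host.
    if (url.protocol !== 'https:' && url.protocol !== 'http:') continue;
    if (url.origin !== site) external.add(url.origin);
  }
  // Sorted so the policy is stable across runs and easy to diff.
  return ["script-src 'self'", ...[...external].sort()].join(' ');
}

console.log(buildScriptSrc('https://example.com', sampleHar));
```

Run it against HAR exports from several pages (front page, a post, the login page) and merge the results, since each page can load different scripts. Sending the result first in a `Content-Security-Policy-Report-Only` header lets the browser report violations without blocking anything.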


The topic ‘Content Security Policy messes up WordPress’ is closed to new replies.