CSP hides quick edit

Resolved fesarlis
(@fesarlis)

8 years, 7 months ago

I have noticed that when ‘Allow Inline Scripts and CSS’ is not enabled under CSP settings, Quick Edit button under posts is missing. Not sure if other things are missing yet.

Why is this happening?

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author Paul
(@paultgoodchild)

8 years, 7 months ago

This must be because there is in-line javascript being use to generate and control the quick edit button. If you disable inline scripts, then this button, and potentially other things will break. Not all settings will be applicable to your site and you need to test them.

Thread Starter fesarlis
(@fesarlis)

8 years, 7 months ago

I understand. However it seems kind of strange that enforcing CSP will mess WP’s admin interface. We’re not talking about the frontend here, which would obviously be the webmaster’s responsibility.

In any case, and as I do not consider myself a CSP expert: does your plugin give me the ability to exclude admin interface (or even the whole site) somehow? Just using ‘self’ does not seem enough.

Thank you
Plugin Author Paul
(@paultgoodchild)

8 years, 7 months ago
Unfortunately the WordPress admin codebase isn’t as refined as we’d like. There are plenty of inline scripts and CSS in the WordPress admin.

If you want to pinpoint the cause of the problem, have a look at your browsers console for the warning/error messages.

We do not currently have the option to apply this to the front and back ends separately. It’s a complex feature that certainly needs some refinement.
- This reply was modified 8 years, 7 months ago by Paul.
Thread Starter fesarlis
(@fesarlis)

8 years, 7 months ago

I see. In such a case IMHO you should at least mention this under each CSP setting because it does not seem obvious 🙂

Thanks

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘CSP hides quick edit’ is closed to new replies.