Making Inline Script Inject via
-
I’m working on setting up CSP headers for a site, and while adding a nonce to the scripts I encountered problems with one of the scripts in WP Fastest Cache because it’s just printed into the page inline, and it’s dynamically generated so I can’t just use a hash for it. It’s tiny change to make it. This lets other code attach attributes such as the nonce to the script tag as outlined here: https://make.ww.wp.xz.cn/core/2021/02/23/introducing-script-attributes-related-functions-in-wordpress-5-7/
I’ve tested it locally offline and it appears to be working – would you be able to incorporate this into the plugin?Index: inc/admin-toolbar.php
===================================================================
--- inc/admin-toolbar.php (revision 3325388)
+++ inc/admin-toolbar.php (working copy)
@@ -31,12 +31,8 @@
}
public function print_my_inline_script() {
- ?>
- <script type="text/javascript">
- var wpfc_ajaxurl = "<?php echo admin_url( 'admin-ajax.php' ); ?>";
- var wpfc_nonce = "<?php echo wp_create_nonce("wpfc"); ?>";
- </script>
- <?php
+ $inline_script = 'var wpfc_ajaxurl = "' . admin_url('admin-ajax.php') . '"; var wpfc_nonce = "' . wp_create_nonce('wpfc') . '";';
+ wp_add_inline_script('wpfc-toolbar', $inline_script, 'before');
}
public function wpfc_tweaked_toolbar_on_frontpage() {
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
The topic ‘Making Inline Script Inject via’ is closed to new replies.
