ifoundries
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: WordPress and CSP script-src : ‘unsafe-inline’Yeah, @gappiah . I understand. Thank you for explanation.
There’s no “workaround” or hack per se for this, but there’s a proper, secure way to implement CSP while allowing inline scripts… which is to use either hashes or nonses for your inline scripts.
–> I agree with this. However, If I want to do this way, I presume this will modify the core files of WordPress. Am I correct to say that?- This reply was modified 4 years, 7 months ago by ifoundries.
- This reply was modified 4 years, 7 months ago by ifoundries.
Forum: Fixing WordPress
In reply to: WordPress and CSP script-src : ‘unsafe-inline’Hi @gappiah ,
Thank you for your reply.
I would like to know if there is any workaround. If there is no workaround, please clearly state that this cannot be done as WP needed this CSP script-src : ‘unsafe-inline’ ‘unsafe-eval’
At least, I can let my customer about it.
Thank you
Andreas
Forum: Fixing WordPress
In reply to: WordPress and CSP script-src : ‘unsafe-inline’Anybody can help on this? Thanks!
Forum: Fixing WordPress
In reply to: WordPress and CSP script-src : ‘unsafe-inline’actually not only ‘unsafe-inline’, but also ‘unsafe-eval’ .