The CSP plugin is very basic and relies on the admin to write these very long and complicated CSP directives in a single text area. It is very raw. It is also very hard for an admin to even begin understanding what policies to put in place unless you are actively following the CSP specs as they evolve.
I'm proposing to improve this plugin so that instead of a single directive, you instead get a big list of all of the Level 3 directives and, where appropriate, either check boxes or radio boxes or free text fields. This will make it much easier to see at a glance and understand the current policies in place. https://www.w3.org/TR/CSP3/
As new CSP versions are supported this will create new admin settings which will prompt the admin to fill them in on upgrade.
It will still support the current textarea and just concat that into the policy.
Proposing a single new config item which is a custom table

| Directive Name | Report value | Live value |
| --- | --- | --- |
| default-src | https: 'unsafe-inline' | https: 'unsafe-inline' |
| script-src | | |
| img-src | https: data: .yimg.com .twimg.com | |

[dropdown]
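
The sketch below is an added example, not the plugin's own code. It shows one way to serialize the proposed table into a policy string per column and then append the legacy textarea. It assumes an empty cell means "do not send this directive"; `build_policy`, `clean`, `ROWS` and `LEGACY` are hypothetical names. It also surfaces a side effect of "just concat": a browser honours only the first occurrence of a directive within a policy, so a legacy directive that repeats a table row has no effect.

```python
import re

# Subset of CSP Level 3 directive names; extend as the spec evolves.
KNOWN = {"default-src", "script-src", "style-src", "img-src", "font-src",
         "connect-src", "media-src", "object-src", "frame-src", "worker-src",
         "base-uri", "form-action", "frame-ancestors", "report-uri", "report-to"}
# ';' ends a directive and ',' starts a new policy; neither belongs in a value.
FORBIDDEN = re.compile(r"[;,]")


def clean(name, value):
    """Validate one directive and return it serialized."""
    value = " ".join(value.split())  # collapses CR/LF from textarea input too
    if name not in KNOWN:
        raise ValueError(f"unknown directive: {name}")
    if FORBIDDEN.search(value):
        raise ValueError(f"illegal character in {name} value")
    return f"{name} {value}".strip()


def build_policy(rows, column, legacy=""):
    """rows maps directive -> {"report": str, "live": str}. Returns
    (policy, warnings). Table cells are emitted first; a legacy directive that
    repeats one is dropped, because browsers honour only the first occurrence."""
    parts, seen, warnings = [], set(), []
    for name, cells in rows.items():
        if cells.get(column, "").strip():  # empty cell: directive not sent
            parts.append(clean(name, cells[column]))
            seen.add(name)
    for chunk in legacy.split(";"):
        name, _, value = " ".join(chunk.split()).partition(" ")
        name = name.lower()
        if not name:
            continue
        if name in seen:
            warnings.append(f"legacy {name} ignored: already set in table")
            continue
        parts.append(clean(name, value))
        seen.add(name)
    return "; ".join(parts), warnings


# Constructed sample input, modelled on the rows in the proposal.
ROWS = {"default-src": {"report": "https: 'unsafe-inline'", "live": "https: 'unsafe-inline'"},
        "script-src": {"report": "", "live": ""},
        "img-src": {"report": "https: data:", "live": ""}}
LEGACY = "default-src 'self';\nframe-ancestors 'none'"
```

The "live" result would be sent as `Content-Security-Policy` and the "report" result as `Content-Security-Policy-Report-Only`; the returned warnings are what an admin page could show next to the legacy textarea.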