Posted a reply to Disabling REST API breaks error reporting, on the site WordPress.org Forums:
The plugin used AJAX in the first iterations but with the REST API becoming part…

Posted a reply to Should I Allow Blocked URL Access to Full File Path, on the site WordPress.org Forums:
The full URL of any included file will be visible in the HTML source code…

Posted a reply to jQuery-ui loaded on front, on the site WordPress.org Forums:
Way ahead of you - that change is being made in the next release, it…

Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
This plugin does not modify .htaccess, apache.conf, etc. - all headers are sent through PHP.…

Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
I see no CSP headers though I do see the other headers strict-transport-security:max-age=15552000; includeSubDomains; preload…

Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
Did you check your server error logs, is something showing (might be a PHP compatibility…

Posted a reply to Logs Showing Wierd Blocked URL’s, on the site WordPress.org Forums:
I have the weird Google domains showing up on a number of sites too. Not…

Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
The CSP header changes depending on whether enforced or report only - the header changes…

Posted a reply to Enforce policies CSP Mode doesn’t work, on the site WordPress.org Forums:
2.3 is out there with a fix for this issue

Posted a reply to Enforce policies CSP Mode doesn’t work, on the site WordPress.org Forums:
I pushed version 2.3 with a fix for this, hopefully it will appear soon in…

Posted a reply to Version 2.2 issues, on the site WordPress.org Forums:
Looks like there's an "empty()" check on the CSP enabled field, which is 0 for…

Posted a reply to WP Google maps issue, on the site WordPress.org Forums:
It would be ironic if Google's map system didn't support these standards as Google is…

Posted a reply to Dareboost issues, on the site WordPress.org Forums:
A lot of the X- options are not necessarily enforced - the X stands for…

Posted a reply to Manually clear log files, on the site WordPress.org Forums:
Go to http://www.yoursite.com/wp-json and make sure it comes back with text (not an error or…

Posted a reply to deprecated stuff, on the site WordPress.org Forums:
There's some deprecated functionality we have to leave for other browsers. I would remove but…

Posted a reply to base-uri directive, on the site WordPress.org Forums:
Base-uri was added to version 2.1

Posted a reply to Wrong log url when installed on a subfolder, on the site WordPress.org Forums:
Version 2.1 is out with updated subdirectory and nonce handling - give it a whirl.

Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
Version 2.1 is out with updated subdirectory and nonce handling - give it a whirl.

Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
The CSP header doesn't have a nonce in it report-uri https://www.wtcmalmo.se/magasinet/wp-json/wpcsp/v1/route/RestAdmin it should be something…

Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
I had another thought on this, if you're seeing the wp-json output and I'm not…

Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
I'm still seeing https://www.wtcmalmo.se/magasinet/wp-json with a 404 - this URL should show all the REST…

Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
The next version uses WordPress' built in function to get the URL so this issue…

Posted a reply to Wrong log url when installed on a subfolder, on the site WordPress.org Forums:
The REST url is hard coded. There's a function get_rest_url() that may/should fix this issue.…

Posted a reply to base-uri directive, on the site WordPress.org Forums:
Must have missed that one. There's also "require-sri-for". I don't want to put out any…

Posted a reply to is this plugin works with free Clodflare account?, on the site WordPress.org Forums:
As I was replying I saw your tags mentioning HSTS. CSP is only one header…

Posted a reply to is this plugin works with free Clodflare account?, on the site WordPress.org Forums:
According to Cloudflare support they will pass through the CSP headers https://support.cloudflare.com/hc/en-us/articles/216537517-What-is-Content-Security-Policy-CSP-and-how-can-I-use-it-with-Cloudflare- If the headers…

Posted a reply to Adsense / OneSignal & ‘unsafe-inline’ ‘unsafe-eval’, on the site WordPress.org Forums:
I was working on the nonce code this afternoon and fixed all problems except one…

Posted a reply to Not currently showing up in scans from anyone, on the site WordPress.org Forums:
Have a look at the network tab in developer tools and see if the initial…

Posted a reply to Version 1.6 Released, on the site WordPress.org Forums:
Version 2.0 is out and appears to work in most environments.

Posted a reply to Version 1.8 Released, on the site WordPress.org Forums:
Version 2.0 is out and appears to work in most environments.

Posted a reply to WP Content Security Log remains empty, on the site WordPress.org Forums:
Other users have reported the error going away. I will close this ticket, if you…

Posted a reply to Adsense / OneSignal & ‘unsafe-inline’ ‘unsafe-eval’, on the site WordPress.org Forums:
I have a version of WP CSP that adds nonce's to scripts/styles and the CSP…

Posted a reply to Adsense / OneSignal & ‘unsafe-inline’ ‘unsafe-eval’, on the site WordPress.org Forums:
CSP article at https://developers.google.com/web/fundamentals/security/csp/ has ideas on how to make this happen. For scripts you…

Posted a reply to Wildcarding Adsense Domains, on the site WordPress.org Forums:
CSP is constantly evolving and new directives are being added. Version 3 has a few…

Posted a reply to FEATURE: Expect CT Header and Reporting, on the site WordPress.org Forums:
Version 2.0 is out. I also added support for report-uri.com

Posted a reply to 500 Error, on the site WordPress.org Forums:
Version 2.0 is out - let me know if your issue persists.

Posted a reply to 500 Error, on the site WordPress.org Forums:
I found a host with PHP 5.3 and it does appear to be that one…

Posted a reply to 500 Error, on the site WordPress.org Forums:
Line 39 in wpCSPclass.php version 1.9 is empty. It might be the line const ROUTE_NAMESPACE…

Posted a reply to 500 Error, on the site WordPress.org Forums:
What error did it report? Have at look at your error logs, if you can…

Posted a reply to FEATURE: Expect CT Header and Reporting, on the site WordPress.org Forums:
This is in version 2.0 - I will release this Monday. In development I can…

Posted a reply to WP Content Security Log remains empty, on the site WordPress.org Forums:
Version 1.9 might fix your issues - let me know.

Posted a reply to WP Content Security Log remains empty, on the site WordPress.org Forums:
Start the debug console of your browser (usually F12) and refresh the page. Look at…