-
Posted a reply to Disabling REST API breaks error reporting, on the site WordPress.org Forums:
The plugin used AJAX in the first iterations but with the REST API becoming part… -
Posted a reply to Should I Allow Blocked URL Access to Full File Path, on the site WordPress.org Forums:
The full URL of any included file will be visible in the HTML source code… -
Posted a reply to jQuery-ui loaded on front, on the site WordPress.org Forums:
Way ahead of you - that change is being made in the next release, it… -
Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
This plugin does not modify .htaccess, apache.conf, etc. - all headers are sent through PHP.… -
Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
I see no CSP headers though I do see the other headers strict-transport-security:max-age=15552000; includeSubDomains; preload… -
Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
Did you check your server error logs, is something showing (might be a PHP compatibility… -
Posted a reply to Logs Showing Wierd Blocked URL’s, on the site WordPress.org Forums:
I have the weird Google domains showing up on a number of sites too. Not… -
Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
The CSP header changes depending on whether enforced or report only - the header changes… -
Posted a reply to Enforce policies CSP Mode doesn’t work, on the site WordPress.org Forums:
2.3 is out there with a fix for this issue -
Committed [1819700] to Plugins SVN:
Version 2.3 - fix readme tag -
Posted a reply to Enforce policies CSP Mode doesn’t work, on the site WordPress.org Forums:
I pushed version 2.3 with a fix for this, hopefully it will appear soon in… -
Committed [1819492] to Plugins SVN:
Version 2.3 -
Posted a reply to Version 2.2 issues, on the site WordPress.org Forums:
Looks like there's an "empty()" check on the CSP enabled field, which is 0 for… -
Committed [1817783] to Plugins SVN:
Version 2.2 -
Posted a reply to WP Google maps issue, on the site WordPress.org Forums:
It would be ironic if Google's map system didn't support these standards as Google is… -
Posted a reply to Dareboost issues, on the site WordPress.org Forums:
A lot of the X- options are not necessarily enforced - the X stands for… -
Posted a reply to Manually clear log files, on the site WordPress.org Forums:
Go to http://www.yoursite.com/wp-json and make sure it comes back with text (not an error or… -
Posted a reply to deprecated stuff, on the site WordPress.org Forums:
There's some deprecated functionality we have to leave for other browsers. I would remove but… -
Posted a reply to base-uri directive, on the site WordPress.org Forums:
Base-uri was added to version 2.1 -
Posted a reply to Wrong log url when installed on a subfolder, on the site WordPress.org Forums:
Version 2.1 is out with updated subdirectory and nonce handling - give it a whirl. -
Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
Version 2.1 is out with updated subdirectory and nonce handling - give it a whirl. -
Committed [1800571] to Plugins SVN:
Tag 2.1 in plugin -
Committed [1800031] to Plugins SVN:
Version 2.1 -
Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
The CSP header doesn't have a nonce in it report-uri https://www.wtcmalmo.se/magasinet/wp-json/wpcsp/v1/route/RestAdmin it should be something… -
Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
I had another thought on this, if you're seeing the wp-json output and I'm not… -
Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
I'm still seeing https://www.wtcmalmo.se/magasinet/wp-json with a 404 - this URL should show all the REST… -
Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
The next version uses WordPress' built in function to get the URL so this issue… -
Posted a reply to Wrong log url when installed on a subfolder, on the site WordPress.org Forums:
The REST url is hard coded. There's a function get_rest_url() that may/should fix this issue.… -
Posted a reply to base-uri directive, on the site WordPress.org Forums:
Must have missed that one. There's also "require-sri-for". I don't want to put out any… -
Posted a reply to is this plugin works with free Clodflare account?, on the site WordPress.org Forums:
As I was replying I saw your tags mentioning HSTS. CSP is only one header… -
Posted a reply to is this plugin works with free Clodflare account?, on the site WordPress.org Forums:
According to Cloudflare support they will pass through the CSP headers https://support.cloudflare.com/hc/en-us/articles/216537517-What-is-Content-Security-Policy-CSP-and-how-can-I-use-it-with-Cloudflare- If the headers… -
Posted a reply to Adsense / OneSignal & ‘unsafe-inline’ ‘unsafe-eval’, on the site WordPress.org Forums:
I was working on the nonce code this afternoon and fixed all problems except one… -
Posted a reply to Not currently showing up in scans from anyone, on the site WordPress.org Forums:
Have a look at the network tab in developer tools and see if the initial… -
Posted a reply to Version 1.6 Released, on the site WordPress.org Forums:
Version 2.0 is out and appears to work in most environments. -
Posted a reply to Version 1.8 Released, on the site WordPress.org Forums:
Version 2.0 is out and appears to work in most environments. -
Posted a reply to WP Content Security Log remains empty, on the site WordPress.org Forums:
Other users have reported the error going away. I will close this ticket, if you… -
Posted a reply to Adsense / OneSignal & ‘unsafe-inline’ ‘unsafe-eval’, on the site WordPress.org Forums:
I have a version of WP CSP that adds nonce's to scripts/styles and the CSP… -
Posted a reply to Adsense / OneSignal & ‘unsafe-inline’ ‘unsafe-eval’, on the site WordPress.org Forums:
CSP article at https://developers.google.com/web/fundamentals/security/csp/ has ideas on how to make this happen. For scripts you… -
Posted a reply to Wildcarding Adsense Domains, on the site WordPress.org Forums:
CSP is constantly evolving and new directives are being added. Version 3 has a few… -
Posted a reply to FEATURE: Expect CT Header and Reporting, on the site WordPress.org Forums:
Version 2.0 is out. I also added support for report-uri.com -
Posted a reply to 500 Error, on the site WordPress.org Forums:
Version 2.0 is out - let me know if your issue persists. -
Committed [1776322] to Plugins SVN:
Version 2.0 -
Posted a reply to 500 Error, on the site WordPress.org Forums:
I found a host with PHP 5.3 and it does appear to be that one… -
Posted a reply to 500 Error, on the site WordPress.org Forums:
Line 39 in wpCSPclass.php version 1.9 is empty. It might be the line const ROUTE_NAMESPACE… -
Posted a reply to 500 Error, on the site WordPress.org Forums:
What error did it report? Have at look at your error logs, if you can… -
Posted a reply to FEATURE: Expect CT Header and Reporting, on the site WordPress.org Forums:
This is in version 2.0 - I will release this Monday. In development I can… -
Posted a reply to WP Content Security Log remains empty, on the site WordPress.org Forums:
Version 1.9 might fix your issues - let me know. -
Committed [1772554] to Plugins SVN:
Version 1.9 -
Posted a reply to WP Content Security Log remains empty, on the site WordPress.org Forums:
Start the debug console of your browser (usually F12) and refresh the page. Look at… -
Created a topic, Version 1.8 Released, on the site WordPress.org Forums:
Issues with getting Rest to work on 4.8 and 4.9 are no…