Profiles

  • Member Since: December 30th, 2011
  • Find me on:
  • Posted a reply to Disabling REST API breaks error reporting, on the site WordPress.org Forums:
    The plugin used AJAX in the first iterations but with the REST API becoming part…

  • Posted a reply to Should I Allow Blocked URL Access to Full File Path, on the site WordPress.org Forums:
    The full URL of any included file will be visible in the HTML source code…

  • Posted a reply to jQuery-ui loaded on front, on the site WordPress.org Forums:
    Way ahead of you - that change is being made in the next release, it…

  • Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
    This plugin does not modify .htaccess, apache.conf, etc. - all headers are sent through PHP.…

  • Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
    I see no CSP headers though I do see the other headers strict-transport-security:max-age=15552000; includeSubDomains; preload…

  • Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
    Did you check your server error logs, is something showing (might be a PHP compatibility…

  • Posted a reply to Logs Showing Wierd Blocked URL’s, on the site WordPress.org Forums:
    I have the weird Google domains showing up on a number of sites too. Not…

  • Posted a reply to Online CSP Scanners Are Still Showing I have no CSPs Enforced, on the site WordPress.org Forums:
    The CSP header changes depending on whether enforced or report only - the header changes…

  • Posted a reply to Enforce policies CSP Mode doesn’t work, on the site WordPress.org Forums:
    2.3 is out there with a fix for this issue

  • Committed [1819700] to Plugins SVN:
    Version 2.3 - fix readme tag

  • Posted a reply to Enforce policies CSP Mode doesn’t work, on the site WordPress.org Forums:
    I pushed version 2.3 with a fix for this, hopefully it will appear soon in…

  • Committed [1819492] to Plugins SVN:
    Version 2.3

  • Posted a reply to Version 2.2 issues, on the site WordPress.org Forums:
    Looks like there's an "empty()" check on the CSP enabled field, which is 0 for…

  • Committed [1817783] to Plugins SVN:
    Version 2.2

  • Posted a reply to WP Google maps issue, on the site WordPress.org Forums:
    It would be ironic if Google's map system didn't support these standards as Google is…

  • Posted a reply to Dareboost issues, on the site WordPress.org Forums:
    A lot of the X- options are not necessarily enforced - the X stands for…

  • Posted a reply to Manually clear log files, on the site WordPress.org Forums:
    Go to http://www.yoursite.com/wp-json and make sure it comes back with text (not an error or…

  • Posted a reply to deprecated stuff, on the site WordPress.org Forums:
    There's some deprecated functionality we have to leave for other browsers. I would remove but…

  • Posted a reply to base-uri directive, on the site WordPress.org Forums:
    Base-uri was added to version 2.1

  • Posted a reply to Wrong log url when installed on a subfolder, on the site WordPress.org Forums:
    Version 2.1 is out with updated subdirectory and nonce handling - give it a whirl.

  • Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
    Version 2.1 is out with updated subdirectory and nonce handling - give it a whirl.

  • Committed [1800571] to Plugins SVN:
    Tag 2.1 in plugin

  • Committed [1800031] to Plugins SVN:
    Version 2.1

  • Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
    The CSP header doesn't have a nonce in it report-uri https://www.wtcmalmo.se/magasinet/wp-json/wpcsp/v1/route/RestAdmin it should be something…

  • Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
    I had another thought on this, if you're seeing the wp-json output and I'm not…

  • Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
    I'm still seeing https://www.wtcmalmo.se/magasinet/wp-json with a 404 - this URL should show all the REST…

  • Posted a reply to Wrong URL to Internal Test URL Checker when WP installed in subdirectory, on the site WordPress.org Forums:
    The next version uses WordPress' built in function to get the URL so this issue…

  • Posted a reply to Wrong log url when installed on a subfolder, on the site WordPress.org Forums:
    The REST url is hard coded. There's a function get_rest_url() that may/should fix this issue.…

  • Posted a reply to base-uri directive, on the site WordPress.org Forums:
    Must have missed that one. There's also "require-sri-for". I don't want to put out any…

  • Posted a reply to is this plugin works with free Clodflare account?, on the site WordPress.org Forums:
    As I was replying I saw your tags mentioning HSTS. CSP is only one header…

  • Posted a reply to is this plugin works with free Clodflare account?, on the site WordPress.org Forums:
    According to Cloudflare support they will pass through the CSP headers https://support.cloudflare.com/hc/en-us/articles/216537517-What-is-Content-Security-Policy-CSP-and-how-can-I-use-it-with-Cloudflare- If the headers…

  • Posted a reply to Adsense / OneSignal & ‘unsafe-inline’ ‘unsafe-eval’, on the site WordPress.org Forums:
    I was working on the nonce code this afternoon and fixed all problems except one…

  • Posted a reply to Not currently showing up in scans from anyone, on the site WordPress.org Forums:
    Have a look at the network tab in developer tools and see if the initial…

  • Posted a reply to Version 1.6 Released, on the site WordPress.org Forums:
    Version 2.0 is out and appears to work in most environments.

  • Posted a reply to Version 1.8 Released, on the site WordPress.org Forums:
    Version 2.0 is out and appears to work in most environments.

  • Posted a reply to WP Content Security Log remains empty, on the site WordPress.org Forums:
    Other users have reported the error going away. I will close this ticket, if you…

  • Posted a reply to Adsense / OneSignal & ‘unsafe-inline’ ‘unsafe-eval’, on the site WordPress.org Forums:
    I have a version of WP CSP that adds nonce's to scripts/styles and the CSP…

  • Posted a reply to Adsense / OneSignal & ‘unsafe-inline’ ‘unsafe-eval’, on the site WordPress.org Forums:
    CSP article at https://developers.google.com/web/fundamentals/security/csp/ has ideas on how to make this happen. For scripts you…

  • Posted a reply to Wildcarding Adsense Domains, on the site WordPress.org Forums:
    CSP is constantly evolving and new directives are being added. Version 3 has a few…

  • Posted a reply to FEATURE: Expect CT Header and Reporting, on the site WordPress.org Forums:
    Version 2.0 is out. I also added support for report-uri.com

  • Posted a reply to 500 Error, on the site WordPress.org Forums:
    Version 2.0 is out - let me know if your issue persists.

  • Committed [1776322] to Plugins SVN:
    Version 2.0

  • Posted a reply to 500 Error, on the site WordPress.org Forums:
    I found a host with PHP 5.3 and it does appear to be that one…

  • Posted a reply to 500 Error, on the site WordPress.org Forums:
    Line 39 in wpCSPclass.php version 1.9 is empty. It might be the line const ROUTE_NAMESPACE…

  • Posted a reply to 500 Error, on the site WordPress.org Forums:
    What error did it report? Have at look at your error logs, if you can…

  • Posted a reply to FEATURE: Expect CT Header and Reporting, on the site WordPress.org Forums:
    This is in version 2.0 - I will release this Monday. In development I can…

  • Posted a reply to WP Content Security Log remains empty, on the site WordPress.org Forums:
    Version 1.9 might fix your issues - let me know.

  • Committed [1772554] to Plugins SVN:
    Version 1.9

  • Posted a reply to WP Content Security Log remains empty, on the site WordPress.org Forums:
    Start the debug console of your browser (usually F12) and refresh the page. Look at…

  • Created a topic, Version 1.8 Released, on the site WordPress.org Forums:
    Issues with getting Rest to work on 4.8 and 4.9 are no…