jquery / jquery-wp-content

WordPress themes and plugins for the jQuery sites
GNU General Public License v2.0

All: add Content-Security-Policy-Report-Only header to all wordpress sites #463

Closed timmywil closed 1 week ago

timmywil commented 1 month ago

Ref jquery/infrastructure-puppet#54
Ref jquery/infrastructure-puppet#57

This adds a filter that the API sites can override to allow for inline scripts and styles only in API demos.

I'm thinking we can use this in combination with a header set in infrastructure-puppet for non-wordpress sites.

Krinkle commented 4 weeks ago

@timmywil Should we limit this to a STAGING conditional at first? The headers hook function could return early when not.

timmywil commented 4 weeks ago

@Krinkle Absolutely. I also didn't mean to set CSP instead of the report header. Both are fixed now.
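
The approach discussed in this thread, sketched as an added example that is not the PR's code or anything written by the participants: a `send_headers` hook that emits `Content-Security-Policy-Report-Only` on staging only, with a filter a site can use to allow inline scripts and styles for demo pages. The constant `EXAMPLE_STAGING`, the filter name `example_csp_directives`, the `/example-demo/` path and the report endpoint are all assumptions.

```php
<?php
// Added example: the constant, filter name, paths and report endpoint are assumptions.
if ( ! defined( 'EXAMPLE_STAGING' ) ) {
	define( 'EXAMPLE_STAGING', false ); // Assumed flag for the "STAGING conditional".
}

// Serialize a directive map such as array( 'script-src' => array( "'self'" ) ).
function example_csp_build( array $directives ) {
	$parts = array();
	foreach ( $directives as $name => $sources ) {
		$parts[] = rtrim( $name . ' ' . implode( ' ', array_unique( $sources ) ) );
	}
	return implode( '; ', $parts );
}

function example_csp_send_headers() {
	if ( ! EXAMPLE_STAGING ) {
		return; // Return early outside staging.
	}
	$directives = array(
		'default-src' => array( "'self'" ),
		'script-src'  => array( "'self'" ),
		'style-src'   => array( "'self'" ),
		'report-uri'  => array( '/example-csp-report' ), // Placeholder endpoint.
	);
	// Hypothetical filter that individual sites hook to adjust the policy.
	$directives = apply_filters( 'example_csp_directives', $directives );
	// Report-Only records violations without blocking anything.
	header( 'Content-Security-Policy-Report-Only: ' . example_csp_build( $directives ) );
}
add_action( 'send_headers', 'example_csp_send_headers' );

// On an API site: relax the policy for demo pages only (path check is assumed).
function example_api_allow_inline( $directives ) {
	$path = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '';
	if ( 0 === strpos( $path, '/example-demo/' ) ) {
		$directives['script-src'][] = "'unsafe-inline'";
		$directives['style-src'][]  = "'unsafe-inline'";
	}
	return $directives;
}
add_filter( 'example_csp_directives', 'example_api_allow_inline' );
```

The request path is checked directly because `send_headers` fires before the main query runs, so WordPress conditional tags are not yet reliable at that point.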