/ Register

Join the community today
Register Now

Security content security policy suggestions

Discussion in 'System Administration' started by hitman, Jun 22, 2018.

Previous Thread Next Thread
Loading...
  1. Jun 22, 2018 #1
    hitman

    hitman Member

    126
    11
    18
    Jul 18, 2014
    Ratings:
    +15
    Local Time:
    1:43 PM
    i am looking into adding some content security policy on a wordpress site i am running to play with it a bit

    for example this line
    Code:
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
    would only allow content from self and i believe allow the inline css and js
    i have not tried it yet, but what is you opinion in general about adding csp for better security?
     
  2. Jun 22, 2018 #2
    eva2000

    eva2000 Administrator Staff Member

    58,895
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    8:43 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    take a read of all Scott's articles on his site including Content Security Policy - An Introduction - in theory nice as long as you're not using Google Adsense or similar advertisers which would be a continuous and ongoing amount of CSP whitelisting work to do.
     
Previous Thread Next Thread
Loading...

.