
Security content security policy suggestions

Discussion in 'System Administration' started by hitman, Jun 22, 2018.

  1. hitman

    I am looking into adding some content security policy on a WordPress site I am running to play with it a bit


    for example this line
    Code:
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";
    would only allow content from self and I believe allow the inline CSS and JS
    I have not tried it yet, but what is your opinion in general about adding CSP for better security?
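
What the policy posted above permits once a browser applies the `default-src` fallback, as an added example that is not part of the original post. The function names are illustrative, and only the `script-src` / `style-src` fallback to `default-src` is modelled.

```javascript
// Added example: minimal CSP evaluator (script-src/style-src fallback only).
// Policy string taken from the post above (header value only).
const POSTED_POLICY =
  "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";

// Parse "name src1 src2; name2 ..." into a Map of directive -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Source list governing a fetch directive: its own, else default-src.
// null means nothing restricts that resource type.
function effectiveSources(directives, name) {
  return directives.get(name) ?? directives.get("default-src") ?? null;
}

function allows(list, keyword) {
  return list === null || list.some((s) => s.toLowerCase() === keyword);
}

// Browsers ignore 'unsafe-inline' when the same list carries a nonce or hash.
function hasNonceOrHash(list) {
  return list !== null && list.some((s) => /^'(nonce|sha256|sha384|sha512)-/i.test(s));
}

function audit(policy) {
  const d = parseCsp(policy);
  const script = effectiveSources(d, "script-src");
  const style = effectiveSources(d, "style-src");
  return {
    inlineScript: allows(script, "'unsafe-inline'") && !hasNonceOrHash(script),
    inlineStyle: allows(style, "'unsafe-inline'") && !hasNonceOrHash(style),
    evalAllowed: allows(script, "'unsafe-eval'"),
    styleGovernedBy: d.has("style-src") ? "style-src"
      : d.has("default-src") ? "default-src" : null,
  };
}

console.log(audit(POSTED_POLICY));
```

For the posted policy, inline scripts and `eval` are allowed, while inline styles are not, because `style-src` is absent and falls back to `default-src 'self'`.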
     
  2. eva2000

    Take a read of all Scott's articles on his site, including Content Security Policy - An Introduction. In theory nice as long as you're not using Google AdSense or similar advertisers, which would be a continuous and ongoing amount of CSP whitelisting work to do.