Changes between Initial Version and Version 1 of Ticket #39941, comment 101
- Timestamp:
- 10/22/2021 09:02:06 PM (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #39941, comment 101
initial v1 4 4 You can safely remove `unsafe-inline` from the CSP header on pages on which every piece of JavaScript is included via a nonced script tag. 5 5 6 You can inject nonces in script tags printed using `wp_script_attributes`. If a WordPress page contains a script tag that is not generated with `wp_script_attributes`, it will be blocked by Strict CSP.6 You can inject nonces in script tags printed using `wp_script_attributes`. If a WordPress page contains a script tag that is not nonced, it will be blocked by Strict CSP. 7 7 8 8 You should check if the pages you are interested in satisfy the above requirements, if they don't, you can manually modify the pages and make them compliant.