Content security policy inclusions when using this plugin?
-
Hi, I am trying to create a strict Content Security Policy (Header) in my Nginx configuration, and I want to be sure that any outside sources that this plugin uses are included in my policy.
In my Nginx virtual hosts server block, I am starting off with the following strict Content Security Policy:
add_header Content-Security-Policy "default-src 'self';
Is there anything that this plugin uses that isn’t included in ‘self’, that would need to be included in a strict content security policy header?
If so, could you please tell me what else I need to include in my Nginx header (specifying
img-src
rules,style-src
rules,script-src
rules,connect-src
rules, and any otheretc-src
etc-src
rules to keep a strict CSP while still allowing this plugin to be fully functional? Thanks so much for any help!The page I need help with: [log in to see the link]
- The topic ‘Content security policy inclusions when using this plugin?’ is closed to new replies.