The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

[resolved] Content Security Policy for a wordpress site (3 posts)

  1. terungwa
    Posted 2 years ago #

    in mitigating the risk of cross-site scripting and other content-injection attacks I set up a Content Security Policy which whitelists trusted sources of content for my site.

    In crafting a reasonable policy for my site i have set out to creating a whitelist of scripts, I needed to know the different sources of scripts loaded by wordpress as it is impossible to come up with a reasonable policy without this details.

    I was wondering if anyone has dealt with this issue on their site.

    I would appreciate feedback.

    Regards to all.

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    WordPress itself does not load scripts from anywhere else. It is completely self-contained. as yo your theme and plugins - you'll need to investigate each of them separately.

  3. terungwa
    Posted 2 years ago #

    Thanks, one less variable to deal with on my list.

Topic Closed

This topic has been closed to new replies.

About this Topic