Support » Plugin: HTTP Headers » Semi-abandoned Project

  • The author tried to slip some new features into a bug-fix release and broke backward compatibility. I raised the issue in the support forum 2 weeks ago and have not yet received a response from the author. A scan of the support forum shows that he does not respond to most threads.

    In the meantime, the plugin fails to produce a Content-Security-Policy header, making it useless for my purposes. Furthermore, it fails silently; current users might not even notice that it’s broken.

    Update 2019-04-20: changed rating from 1 star to 2 stars

    Update 2019-05-15 I have not only kept this plugin active on my site, I have also installed it on a second site. In fairness, despite my frustration with the author, I am bumping my review to 4 stars because it’s the best header plugin I could find.

    • This topic was modified 6 months, 3 weeks ago by Gord.
    • This topic was modified 6 months, 1 week ago by Gord. Reason: Increasing the rating
    • This topic was modified 6 months, 1 week ago by Gord.
Viewing 3 replies - 1 through 3 (of 3 total)
  • We to have the problemen that not all settings are beïng applied.
    It might be a syntax error somewhere in the policie content, but there is no easy way to find that.

    Plugin Author Dimitar Ivanov



    In your initial support thread about the “Feature-Policy” header that you’ve complained about a non-existent bug, I just spent enough time to understand that you just do not know how to use the plug-in’s user interface. Maybe it’s not important for you.

    There you mention another issue this time with the “Content-Security-Policy” header and made a feature request (a transform feature) that I do not plan to implement for now, and I do not have to. I also gave you ideas on how to overcome your problem.

    Still not happy? I hope after you giving me a 1 star rating will satisfy you.

    You found a time to write a review (ofcourse a negative one) only when I did not answer your second question about the same problem from your previous support thread although you obviously use the plugin before its last version. How thankful you are.

    Your rating is based on your experience with just one header, although the plugin supports 30+ headers. How about that?

    Let me share some other facts you may forget:
    1. You are using this plugin for FREE.
    2. I have a full-time job.
    3. This is a side project.
    4. You can uninstall the plugin at any time.

    Your statement that I do not respond to requests for support is more than untrue. I respond, and often released user requests for new functionalities and bugfixes. And yes, these are not 100% of the support threads, as some of them are simply not applicable, wrong or out of focus of the plugin.

    After all, I hope you will answer yourself if I’m willing to help you anymore.

    Before I get into my reply, I will mention that I finally got it working today after giving up on waiting. In a nutshell, I had to spend a couple of hours recreating my policy from scratch and re-testing everything. As such, I’m changing my rating from * (“Poor”) to ** (“Works”).

    That said:

    The rating is not based on one header. It’s based on the lack of testing, the lack of documentation, and mostly the lack of responsiveness of the author. Posting a negative review elicits more of a response than reporting a broken security header. People considering this plugin need to know what they’re getting into.

    made a feature request (a transform feature) that I do not plan to implement for now, and I do not have to.

    You told me to “try to transform the CSP settings” to make it compatible with the new version. I didn’t ask for a new feature; I simply asked for instructions on how to use the transformation feature you mentioned. If you haven’t implemented this feature and don’t plan to do so, then asking me to try it makes no sense.

    Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.

    Seems like one of the more important headers out of the 30+ to me.

    I will grant you that there are topics in the support forum that are beyond the scope of this plugin. But that doesn’t let you off the hook for acknowledging the tickets that are legitimate bug reports in a timely manner.

    If you had simply taken a minute to acknowledge that there was a problem with the plugin and that you were looking into it, this would have played out very differently. But you ignored it, and now you are getting defensive when the plugin gets a negative review.

    • This reply was modified 6 months, 3 weeks ago by Gord.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Semi-abandoned Project’ is closed to new replies.