Replies: 1
Hi,
first of all I must thank you for your patience and support.
1.
Iam using the frontend CSP option and at the moment I am inserting hashes to avoid unsafe-inline – in Chrome I have noticed that chrome shows no great problems directly after entering and saving the CSP. Chrome only accepts hashes with an empty space inbetween and this is where your plugin causes the problem – after leaving WordPress the plugin seems to reformat the CSP and while doing this also deletes the empty spaces. Result: now Chrome refuses the hashes as invalid.
Is there a way to avoid this – if not can I seperatly add a CSP for the frontend
ina .htacces for example (please have patience – just a pointer)
2.
I can also configure the dasboard (backend?) CSP.
Could I theoretically delete unsafe-inline and unsafe-eval, if WordPress (core), used theme and plugins do use inline-scripts/styles and eval()?
If yes – does your plugin need inline-scripts/styles or eval()?