It’s lightweight and developer-friendly. I like it!

  • coderars

    (@coderars)


    4 years ago

    The title says it all. It’s lightweight and free from useless fancy things. I feel it was developed for developers, which is great! It was easy to add some extra lines (overrides) to my CSS, and totally redesign the whole appearance of the plugin to fit my theme. I like the simplicity of the settings and the customization possibilities under the hood. Bonus star for the included SCSS (easy overrides) files and the built-in “link back to settings” option! I think I found the best cookie plugin for my needs ?? Thank you for providing this great tool for free!

    One note: Be aware if you are using some (static) caching plugin like “cache-enabler” it’s more than likely you have to set the “Use meta” option for the CSP header to be sent out in <head> instead of the response header (default) because the plugin’s PHP will not run if your site was served from static-generated cache, but it’s NOT the plugin’s fault.

    One note: Be careful if you are using static HTML caching plugins (like cache-enabler) because they can prevent this plugin from working correctly. See my comments below.

    To the author: Maybe it should be mentioned in the description of this option to prevent some downvotes by less technical users.

    • This topic was modified 4 years ago by coderars.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Johan Jonk Stenstr?m

    (@jonkastonka)

    Thanks for the nice review!

    Do you think that would be best to explain under The settings does not seem to have an effect. What do I do? or a new question? Where would you look?

    Thread Starter coderars

    (@coderars)

    Placing it into that linked question would be enough I think.
    Or maybe just a bit modification to the checkbox label:

    Use meta. If your host blocks setting php header() or using static page cache, check this to add CSP as a meta tag in the header instead.

    …or something like that.

    Plugin Author Johan Jonk Stenstr?m

    (@jonkastonka)

    Thanks!

    Thread Starter coderars

    (@coderars)

    @jonkastonka sorry, I was wrong and misleading about my caching problem ?? Using the meta tag won’t fix it either. The problem is more complex, unfortunately, the cache-enabler plugin (and probably some other similar solutions) blocks this plugin’s CSP logic: generating a custom CSP header for every visitor based on his stored cookie consent settings to block/allow loading resources.

    With an empty cache, cache-enabler stores the WHOLE response of the ongoing request, and after that, the following visitors will be served with that cache without fully (or even) loading WordPress. So CSP meta won’t be actualized for the current visitor. The same is true for the default php header() setting because that won’t run at all.

    Also, there are caching plugins (cache-enabler, nginx-helper, etc) that can be configured with included webserver configs (example) to let the webserver directly send the cached content without running any php. Using these techniques kills the logic of this plugin ??

    Plugin Author Johan Jonk Stenstr?m

    (@jonkastonka)

    You should probably look at a real cache (serverside) rather than a plugin.

    Thread Starter coderars

    (@coderars)

    My server is well optimized, but it was nice to have ~20ms response times with static HTML caching. Nginx can do this native with FastCGI cache but unfortunately, this wasn’t the first time static caching made me trouble. The speed it gives just not worth the risks, so I’m rather going to avoid using them.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘It’s lightweight and developer-friendly. I like it!’ is closed to new replies.