• Hello, we installed this plugin recently in hopes of being able to have a safe CSP. We followed steps 1-3 in the instructions without any problems. On step 4, when we went to look at the results in the external and inline scripts tabs, there were 1000+ and 250+ results respectively. This seems way out of line for what is not a very big site. Also, just looking at a few of the img-src entries, there are numerous ones where a base rule already captured the main URL. For example, the Base Rule section captured https://ps.w.org, but in the External tab there were entries with deeper URLs (ex. https://ps.w.org/all-in-one-seo-pack/assets/icon.svg?rev=2443290). How are we supposed to parse a list of this size to determine what actually needs to be whitelisted?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Giuseppe

    (@mociofiletto)

    For external img you are absolutely right. I am working on a fix to not collect URLs on the same domain (CSP doesn’t support hashes for img, so it is useless to grab them). In my tests this will reduce server load and speed up the whole thing.

    For inline scripts, you have to cluster the database. In any WP installation there are “localized” scripts that change at each page load, so it is common to record many of them in a regular installation.

    Thanks for your report.

    Thread Starter catalano

    (@catalano)

    Thank you for the follow-up. For the Inline tab, I did the clustering. The result was 14 pages of entries. The first 2 pages had cluster information displayed and the remaining 12 pages show ‘unclustered’. So is the intended process to whitelist those 2 pages of clustered items?

    Plugin Author Giuseppe

    (@mociofiletto)

    When you run “Clustering”, if one of the clustered scripts is whitelisted, all of them will be whitelisted.

    I have just pushed some work to the development version, so please check it (I have removed imgs from the external table).

    About the numerosity of entries in the tables, this is quite normal (however, you can use screen settings to show more items per page).

  • The topic ‘Excessive results in external and inline scripts tabs’ is closed to new replies.
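
As an added example (not part of the thread and not the plugin's own code), the sketch below shows one way to triage a long list of collected URLs against existing base rules: entries already covered by a rule are set aside, and the rest are counted per origin as candidates for new rules. It uses a simplified form of CSP host-source matching; the function names and every sample URL other than the two ps.w.org values quoted in the thread are constructed.

```javascript
// Simplified CSP host-source matching: explicit http/https scheme, optional
// "*." wildcard, optional port and path. Keywords, nonces, hashes: not handled.
const DEFAULT_PORT = { http: '80', https: '443' };

function parseSource(src) {
  const m = /^(https?):\/\/(\*\.)?([^\/:*]+)(?::(\d+))?(\/.*)?$/i.exec(src);
  if (!m) return null;
  const scheme = m[1].toLowerCase();
  const port = m[4] && m[4] !== DEFAULT_PORT[scheme] ? m[4] : '';
  return { scheme, wildcard: Boolean(m[2]), host: m[3].toLowerCase(), port, path: m[5] || '' };
}

function matches(urlString, src) {
  const s = parseSource(src);
  if (!s) return false;
  const u = new URL(urlString);
  const scheme = u.protocol.slice(0, -1);
  // An http: source also covers the https: version of the same host.
  if (scheme !== s.scheme && !(s.scheme === 'http' && scheme === 'https')) return false;
  // "*.example.com" covers subdomains only, not example.com itself.
  const hostOk = s.wildcard ? u.hostname.endsWith('.' + s.host) : u.hostname === s.host;
  if (!hostOk) return false;
  if (u.port !== s.port) return false; // '' means the scheme's default port
  if (!s.path) return true;            // no path in the source: any path matches
  // A source path ending in "/" is a prefix; otherwise it must match exactly.
  return s.path.endsWith('/') ? u.pathname.startsWith(s.path) : u.pathname === s.path;
}

function triage(collected, baseRules) {
  const redundant = [];
  const byOrigin = new Map();
  for (const url of collected) {
    if (baseRules.some((rule) => matches(url, rule))) { redundant.push(url); continue; }
    const origin = new URL(url).origin;
    byOrigin.set(origin, (byOrigin.get(origin) || 0) + 1);
  }
  return { redundant, candidates: Object.fromEntries(byOrigin) };
}

// Constructed sample data; only https://ps.w.org and the icon URL come from the thread.
const baseRules = ['https://ps.w.org'];
const collected = [
  'https://ps.w.org/all-in-one-seo-pack/assets/icon.svg?rev=2443290',
  'https://cdn.example.com/img/a.png',
  'https://cdn.example.com/img/b.png',
  'https://img.example.net/logo.svg',
];
console.log(triage(collected, baseRules));
```

Each origin under `candidates` still needs a manual decision on whether it should be allowed at all; the count only shows how many collected entries a single rule for that origin would replace.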