• Resolved danrancan

    (@danrancan)


    Hi, I am trying to create a strict Content Security Policy in my Nginx configuration, and I want to be sure that any outside sources that this plugin uses are included in my policy.

    In my Nginx virtual hosts server block, I am starting off with the following strict Content Security Policy:

    add_header Content-Security-Policy "default-src 'self';";

    Is there anything that Converter for Media uses that isn’t included in ‘self’, that would need to be included in a strict Content Security Policy header?

    If so, could you please tell me what else I need to include in my Nginx header (specifying img-src rules, style-src rules, script-src rules, connect-src rules, and any other etc-src rules) to keep a strict CSP while still allowing this plugin to be fully functional? Thanks so much for any help!

    • This topic was modified 1 year, 7 months ago by James Huff. Reason: wikipedia content removed
Viewing 1 replies (of 1 total)
  • Plugin Author Mateusz Gbiorczyk

    (@mateuszgbiorczyk)

    Hi @danrancan,

    Thank you for your message.

    I don’t think you need to add anything on this point. The plugin does not change the way images are loaded, so the CSP rules remain the same.

    Do you have any problem using the plugin?

    Best,
    Mateusz
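
Added example, not part of the thread or the plugin's code: a simplified Python check of which resource URLs a policy such as `default-src 'self'` permits, showing that `img-src` falls back to `default-src` so same-origin images need no extra rule. The page URL, image paths and CDN host are constructed sample values, and only `'self'` (strict same-origin comparison) and explicit `scheme://host` sources are handled.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_csp(header_value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        # A repeated directive is ignored; the first occurrence wins.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme))

def allowed(policy, directive, page_url, resource_url):
    """Simplified match for a fetch directive (img-src, script-src, ...)."""
    # Fetch directives that are absent fall back to default-src.
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True  # nothing governs this resource type
    for src in sources:
        if src == "'self'" and origin(resource_url) == origin(page_url):
            return True
        if "://" in src and origin(resource_url) == origin(src):
            return True
    return False  # 'none' or no matching source

def blocked(header_value, page_url, resources):
    """Return the (directive, url) pairs the policy would block."""
    policy = parse_csp(header_value)
    return [(d, u) for d, u in resources if not allowed(policy, d, page_url, u)]

# Constructed sample data (not taken from the plugin or the thread).
PAGE = "https://example.com/blog/"
RESOURCES = [
    ("img-src", "https://example.com/wp-content/uploads/photo.jpg"),
    ("img-src", "https://cdn.example.net/photo.jpg"),
    ("script-src", "https://cdn.example.net/app.js"),
]

if __name__ == "__main__":
    for header in ("default-src 'self';",
                   "default-src 'self'; img-src 'self' https://cdn.example.net"):
        print(header, "->", blocked(header, PAGE, RESOURCES))
```

Running the same policy as `Content-Security-Policy-Report-Only` in Nginx and watching the browser console is the way to confirm the result against a live site.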

  • The topic ‘Allowing “Converter for Media” to work in nginx CSP’ is closed to new replies.