• Thank you for the great plugin! It was really easy to set up the correct values for me.
    Sadly the settings are too restrictive for the wp-admin area. Some plugins as well as the WordPress CMS itself seem to have problems with those settings:

    # HTTP security settings start
    
    Header set Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
    Header set Content-Security-Policy "default-src https://oeko-invest.net/; block-all-mixed-content; upgrade-insecure-requests;"
    Header set Feature-Policy: "autoplay 'none'; camera 'none'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; vr 'none';"
    Header set Referrer-Policy: same-origin
    Header set X-XSS-Protection: "1; mode=block"
    
    # HTTP security settings end

    Is it possible to set multiple CSPs? Is this a feature you are considering or is there a way I can set the .htaccess file myself?

    • This topic was modified 5 years, 9 months ago by JohannesDeml.
  • The topic ‘Custom CSP for wp-admin’ is closed to new replies.
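
Added example, not part of the original post or the plugin's code: a simplified Python model of CSP source matching that shows how the posted policy treats inline scripts and `data:` URIs, and why sending a second Content-Security-Policy header cannot relax the first. `ADMIN_CSP`, the function names and the sample loads are constructed assumptions; wildcards, ports, nonces and hashes are not modelled.

```python
from urllib.parse import urlsplit

# Policy from the post; this sketch only evaluates fetch directives.
SITE_CSP = "default-src https://oeko-invest.net/; block-all-mixed-content; upgrade-insecure-requests;"
# Constructed looser policy, for illustration only (not a recommended value).
ADMIN_CSP = "default-src https://oeko-invest.net/ 'unsafe-inline' data:"

def parse(policy):
    """Return {directive: [source expressions]} for one header value."""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def source_matches(expr, resource):
    """Match a keyword, a scheme-source (data:) or a scheme://host[/path] source."""
    if resource == "inline":
        return expr == "'unsafe-inline'"
    url = urlsplit(resource)
    if expr.endswith(":"):
        return url.scheme == expr[:-1]
    src = urlsplit(expr)
    if (src.scheme, src.netloc) != (url.scheme, url.netloc):
        return False
    if src.path in ("", "/"):
        return True
    return url.path.startswith(src.path) if src.path.endswith("/") else url.path == src.path

def policy_allows(policy, kind, resource):
    """kind is a fetch directive such as 'script-src'; falls back to default-src."""
    directives = parse(policy)
    sources = directives.get(kind, directives.get("default-src"))
    if sources is None:
        return True  # no applicable directive: this policy does not restrict the load
    return any(source_matches(s, resource) for s in sources)

def response_allows(header_values, kind, resource):
    """Browsers enforce every CSP header on a response; a load must pass all of them."""
    return all(policy_allows(p, kind, resource) for p in header_values)

if __name__ == "__main__":
    loads = [("script-src", "inline"), ("img-src", "data:image/gif;base64,R0lGOD"),
             ("script-src", "https://oeko-invest.net/wp-includes/js/jquery/jquery.min.js")]
    for kind, res in loads:  # constructed sample loads
        print(kind, res[:40], "site only:", response_allows([SITE_CSP], kind, res),
              "| both headers:", response_allows([SITE_CSP, ADMIN_CSP], kind, res),
              "| replaced:", response_allows([ADMIN_CSP], kind, res))
```

Because enforcement is the conjunction of all delivered policies, a different policy for one path has to replace the header value served for that path rather than be added alongside it.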