Suggestion: Replace Wordfence’s unsafe-inline scripts

  • Now that it’s possible to make the WordPress frontend compatible with secure CSPs, it would be great if Wordfence removed the reliance on unsafe-inline scripts. The current version of Wordfence adds unsafe-inline scripts on both the login page and the page for enabling two-factor authentication.

    Please consider moving the scripts to linked files. If that isn’t possible, please print them in the right way so that we can add a nonce to them using the wp_script_attributes filter.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Thanks for the suggestion @karlemilnikka!

    I have passed this on to the team, and it seems on first glance to be connected to an open case we have to make changes to the scripts we use and how they’re used for Content Security Policy.

    Many thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Suggestion: Replace Wordfence’s unsafe-inline scripts’ is closed to new replies.