Support for script nonces?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    That’s interesting and should not be difficult to implement. If there was a hook, we could use it.

    Thread Starter Ragnar Karlsson

    (@ragnarkarlsson)

    I’d love to see Ninjafirewall have a more interactive CSP generator, rather than pasting it in. For example https://report-uri.com/home/generate is a great resource, would be nice if I could just tick a box for enabling nonce on script-src, style-src etc.

    Plugin Author nintechnet

    (@nintechnet)

    I would prefer to have it online and put a link to it, like we do for example with the NinjaScanner anti-virus rules generator. CSP is tricky, and because some users could lock themselves out of the dashboard (CSP can be used to block HTML forms), I don’t want to make it too easy.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Support for script nonces?’ is closed to new replies.

Tags