• Hi, I am trying to create a strict Content Security Policy (CSP) in my Nginx configuration, and I want to be sure that any outside sources (like the captcha) that this plugin uses are included in my policy. For reference, I am using this plugin with the captcha feature on.

    In my Nginx virtual hosts server block, I am starting off with the following strict Content Security Policy (Header):

    add_header Content-Security-Policy "default-src 'self';

    Is there anything that THIS PLUGIN uses that isn’t included in ‘self’, that would need to be included in a strict content security policy header?

    If so, could you please tell me what else I need to include in my Nginx header (specifying img-src rules, style-src rules, script-src rules, connect-src rules, and any other etc-src etc-src rules to keep a strict CSP while still allowing this plugin to be fully functional? Thanks so much for any help!

    • This topic was modified 1 year, 4 months ago by James Huff.
    • This topic was modified 1 year, 4 months ago by James Huff. Reason: wikipedia excerpt removed
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Using a Strict Content Security Policy while allowing S.M.A.P. Plugin to work’ is closed to new replies.