WordPress.org

China 简体中文

获取 WordPress
WordPress.org

Plugin Directory

CSP-ANTS&ST

该插件尚未通过WordPress的最新3个主要版本进行测试。 当与较新版本的WordPress一起使用时,可能不再受到维护或支持,并且可能会存在兼容性问题。

CSP-ANTS&ST

作者:Pascal CESCATO
下载

描述

For a perfectly secured website, you have to avoid ‘unsafe-eval’ and ‘unsafe-inline’ in your content-security-policy header.
This plugin add nonces to script/style tags and add those nonces to the content-security-policy header, so your website will be more secure, even if there are other actions to perform in order to have a very strong protection.

Features

There are no settings, it’s a plug and play plugin.
This plugin automaticallly:
– add a nonce to each script and style tag and a sha256 hash to online events (onload / onclick)
– generate Content Security Policy header with all nonces and hashes + basics (base-uri ‘self’, google fonts, gravatar, maxcdn.bootstrapcdn…)

Tested / Works with no cache system, WP Rocket on Plesk (Nginx/Apache webserver) and Lscache (Openlitespeed/Litespeed webserver)
Should work elsewhere, just say me and I’ll add your setup to this list.

Requirements

  • WordPress 5.0 or higher.

安装

  • Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation or install it directly from your dashboard and then activate the plugin from Plugins page.
  • There’s not options page, simply install and activate.

常见问题

Is there something to do after install?

Yes, just activate it!

评价

Great plugin

2023 年 7 月 24 日
I downloaded this plugin and modified it for my site. I would recommend doing that. The plugin hooks into the ‘template_redirect’ hook. At that point the source for the page has been generated by themes and plugins and is ready to be sent. The plugin looks through the generated source and makes nonces for all inline scripts and styles. It modifies the source so the inline scripts and styles have a nonce=’some-nonce’ statement in them. It creates a Content-Security-Policy which includes those nonces. However, each site has its own CSP needs, and so modifying the plugin to tailor the CSP to your site is not that difficult to do. That is what I have done.

Could be better

2022 年 9 月 8 日
The plugin works as advertised however, it does not let you modify the CSP header resulting in a less than ideal CSP header. The header this plugin serves provides no protection against clickjacking and allows all external scripts.

Satisfied!

2022 年 7 月 14 日
This is the most ‘straight to the point’ CSP tool that I’ve found. So far, so go.
阅读所有4条评价

贡献者及开发者

「CSP-ANTS&ST」是开源软件。 以下人员对此插件做出了贡献。

贡献者

帮助将「CSP-ANTS&ST」翻译成简体中文。

对开发感兴趣吗?

您可以浏览代码,查看SVN仓库,或通过RSS订阅开发日志

更新日志

1.0

  • Initial release

额外信息

评级

3.5 星(最高 5 星)。

添加我的评价

查看全部评论

支持

有话要说吗?是否需要帮助?

查看支持论坛