Plugin Author
Dylan
(@dyland)
Doesn’t look too difficult to implement. Are you using this report-url.io site?
@dyland
Any update about this feature request?
Ditto that, any update on this?
Would also like to see “upgrade-insecure-requests;” option added.
@tjdurden @tingwe
A quick hack to change this for now until this gets implemented is to:
modify line 165 of /includes/wpCSPclass.php
from this
$CSPOutput .= "report-uri " . $ReportURI ;
to this
$CSPOutput .= "report-uri https://mycustomdomain.report-uri.io/r/default/csp/enforce";
or even better to this (adding the upgrade-insecure-requests; option)
$CSPOutput .= "upgrade-insecure-requests; report-uri https://mycustomdomain.report-uri.io/r/default/csp/enforce";
NOTE: you will lose the logging functionality in the plugin completely and only be reporting to the report.-uri.io web site.
My personal preference is to leave the plugin doing the logging as it is easier to monitor, maintain and add necessary entries to the CSP policy.
-
This reply was modified 7 years, 5 months ago by mitchellk.
-
This reply was modified 7 years, 5 months ago by mitchellk.
-
This reply was modified 7 years, 5 months ago by mitchellk.
-
This reply was modified 7 years, 5 months ago by mitchellk.