{"id":9186,"date":"2010-05-18T16:19:39","date_gmt":"2010-05-18T16:19:39","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/content-security-policy\/"},"modified":"2011-03-11T18:59:13","modified_gmt":"2011-03-11T18:59:13","slug":"content-security-policy","status":"closed","type":"plugin","link":"https:\/\/vi.wordpress.org\/plugins\/content-security-policy\/","author":5964778,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"0.3","stable_tag":"0.3","tested":"3.1.4","requires":"2.9","requires_php":"","requires_plugins":"","header_name":"Content Security Policy","header_author":"Brandon Sterne","header_description":"","assets_banners_color":"","last_updated":"2011-03-11 18:59:13","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"http:\/\/people.mozilla.org\/~bsterne\/content-security-policy\/wordpress.html","header_author_uri":"http:\/\/people.mozilla.org\/~bsterne","rating":0,"author_block_rating":0,"active_installs":10,"downloads":4564,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","changelog"],"tags":[],"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":0},"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.1","0.2","0.3"],"block_files":[],"assets_screenshots":{"screenshot-4.png":{"filename":"screenshot-4.png","revision":"1539068","resolution":"4","location":"plugin"},"screenshot-2.png":{"filename":"screenshot-2.png","revision":"1539068","resolution":"2","location":"plugin"},"screenshot-3.png":{"filename":"screenshot-3.png","revision":"1539068","resolution":"3","location":"plugin"},"screenshot-1.png":{"filename":"screenshot-1.png","revision":"1539068","resolution":"1","location":"plugin"}},"screenshots":{"1":"CSP configuration page making a policy reccommendation.","2":"New panel in media uploader allows direct creation of script files in the uploads directory.","3":"CSP configuration page in Chrome.","4":"CSP configuration page in Safari."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[19966,600,14958],"plugin_category":[54],"plugin_contributors":[88230],"plugin_business_model":[],"class_list":["post-9186","plugin","type-plugin","status-closed","hentry","plugin_tags-csp","plugin_tags-security","plugin_tags-xss","plugin_category-security-and-spam-protection","plugin_contributors-bsterne","plugin_committers-bsterne"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/content-security-policy.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/content-security-policy\/trunk\/screenshot-1.png?rev=1539068","caption":"CSP configuration page making a policy reccommendation."},{"src":"https:\/\/ps.w.org\/content-security-policy\/trunk\/screenshot-2.png?rev=1539068","caption":"New panel in media uploader allows direct creation of script files in the uploads directory."},{"src":"https:\/\/ps.w.org\/content-security-policy\/trunk\/screenshot-3.png?rev=1539068","caption":"CSP configuration page in Chrome."},{"src":"https:\/\/ps.w.org\/content-security-policy\/trunk\/screenshot-4.png?rev=1539068","caption":"CSP configuration page in Safari."}],"raw_content":"\n

Content Security Policy prevents content injection attacks by allowing admins to specify which sites they trust to serve JavaScript and other types of content in their site. Any content which is not explicitly allowed by the policy will be blocked from loading.<\/p>\n\n

The Content Security Policy plugin provides WordPress administrators a mechanism to specify a custom policy, or adopt a recommended policy based on the types and sources of content present in their site.<\/p>\n\n

Tested in Firefox 3.6 and Firefox 4, Chrome 10, and Safari 5.<\/p>\n\n\n

    \n
  1. Upload content-security-policy.zip<\/code> to the \/wp-content\/plugins\/<\/code> directory and unzip<\/li>\n
  2. Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n
  3. Configure a policy for your site in the 'Settings > CSP menu<\/li>\n<\/ol>\n\n\n

    0.3<\/h4>\n\n
      \n
    • Updated to be compatible with WordPress 3.0 and WordPress 3.1<\/li>\n
    • Removed json.js (since WordPress ships w\/ jQuery 1.4 now)<\/li>\n
    • Added \"restore default settings\" button<\/li>\n
    • Fixed a layout bug in the CSP Settings Page<\/li>\n
    • Fixed JSON encoding bug in the list of posts to analyze<\/li>\n<\/ul>\n\n

      0.2<\/h4>\n\n
        \n
      • Fixed origin mismatch problem for https:\/\/ admin page users<\/li>\n<\/ul>\n\n

        0.1<\/h4>\n\n
          \n
        • Initial release<\/li>\n<\/ul>","raw_excerpt":"Content Security Policy prevents content injection attacks by specifying valid sources of content for a site.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/9186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=9186"}],"author":[{"embeddable":true,"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/bsterne"}],"wp:attachment":[{"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=9186"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=9186"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=9186"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=9186"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=9186"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/vi.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=9186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}