Adding CSP to WordPress: The Guide That Admits It's Complicated

WordPress and Content Security Policy have a complicated relationship. WordPress was built in an era before CSP existed, and it shows. The admin panel injects inline scripts constantly. Plugins do whatever they want. Themes include jQuery from who-knows-where. But here’s the thing: your WordPress site is a target. It powers 43% of the web, which means attackers have spent years finding ways to exploit it. Adding CSP is one of the most impactful things you can do to protect it. ...

March 29, 2026 · 6 min · headertest.com

CSP in Laravel: From Zero to Nonce-Based in 30 Minutes

Laravel is one of the easier frameworks to add CSP to, thanks to its middleware system and Blade templating. You can have a working nonce-based CSP policy in about 30 minutes — I’ve done it multiple times and it really is that straightforward. Here are two approaches: using the spatie package (fastest setup) and custom middleware (more control).

Option 1: The spatie/laravel-csp Package

If you want something that works out of the box: ...

March 29, 2026 · 4 min · headertest.com