
Easy CSP Headers for WordPress

A client needed a way to add CSP headers to their WordPress site. Manually configuring strict CSP headers for scripts can be fiddly to get right, so I built a plugin to automate it.

Requirements:

  • Proper script nonces
  • Friendly with page caching and asset aggregation/minification
  • Easy to set up (fire and forget)
  • Testable

The result is a plugin that automatically creates and assigns script nonces to inline and referenced script elements on any page. Although it’s mostly automated, you do need to test it, especially if you’re using plugins that reference external scripts from CDNs to implement fancy animations and other wizardry.

The settings page for my CSP Headers plugin
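
A minimal sketch of the nonce approach described above, added here as an illustration and not the plugin's own code. It assumes WordPress 6.2+ (for `WP_HTML_Tag_Processor`), uses hypothetical `cspx_` names, and does not handle page caching, where a stored page would replay the same nonce.

```php
<?php
/**
 * Plugin Name: CSP nonce sketch (added example, hypothetical)
 * Assumes WordPress 6.2+ for WP_HTML_Tag_Processor.
 */

// Hypothetical switch: true sends the policy in report-only mode, so violations
// show up in the browser console while testing and nothing is blocked yet.
const CSPX_REPORT_ONLY = true;

/**
 * Add the nonce attribute to every <script> element in the buffered page.
 * Every script in the buffer is treated as trusted, including markup that
 * reached the page through unescaped output, so output escaping still matters.
 */
function cspx_add_nonces( string $html, string $nonce ): string {
    $tags = new WP_HTML_Tag_Processor( $html );
    while ( $tags->next_tag( 'script' ) ) {
        $tags->set_attribute( 'nonce', $nonce ); // Covers inline and src scripts.
    }
    return $tags->get_updated_html();
}

add_action( 'template_redirect', function () {
    if ( headers_sent() ) {
        return; // Too late to set a policy for this response.
    }

    // Fresh, unpredictable value per response: 16 random bytes, base64-encoded.
    $nonce  = base64_encode( random_bytes( 16 ) );
    $policy = "script-src 'nonce-{$nonce}' 'strict-dynamic'; object-src 'none'; base-uri 'none'";
    $name   = CSPX_REPORT_ONLY
        ? 'Content-Security-Policy-Report-Only'
        : 'Content-Security-Policy';
    header( "{$name}: {$policy}" );

    // Buffer the front-end page; the callback runs when the buffer is flushed
    // at shutdown and returns the HTML with nonces applied.
    ob_start( function ( string $html ) use ( $nonce ): string {
        return cspx_add_nonces( $html, $nonce );
    } );
}, 0 );
```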
