admin管理员组

文章数量:1122832

In the reset password page, i have this core inline script in the head section :

<script type='text/javascript'>
/* <![CDATA[ */
var userSettings = {"url":"\/","uid":"0","time":"1713289843","secure":"1"};var _zxcvbnSettings = {"src":"https:\/\/domain.fr\/wp-includes\/js\/zxcvbn.min.js"};/* ]]> */
</script>

but filtering wp_inline_script_attributes like so :

function add_nonce_to_inline_script( $attributes, $javascript ) {
    $nonce = wp_create_nonce( 'my-csp-nonce' );
    $attributes['nonce'] = $nonce;
    return $attributes;
}
add_filter( 'wp_inline_script_attributes', 'add_nonce_to_inline_script', 10, 2 );

Has no effect, while it works with the others inline scripts in that page. I tried to look around wp_print_head_scripts action, but without success.

Do you think it's possible to add a nonce to this inline script ? I can not use 'unsafe-inline' in the CSP header because of the company policy.

本文标签: filterswp reset password pagehead inline script

版权声明:本文标题:filters - wp reset password page - head inline script 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736310262a1934314.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。