Working on getting a solid CSP on a number of WordPress sites. The biggest issue is that a number of plugins inject inline styles or scripts without nonces, which would require `unsafe-inline`. Tried with the recommended hashes that were given, but it looks like some of them were changing when generated.
The sites use a host of plugins, including WP Bakery, which does a load of injecting.
Saw this thread here, which led to the casper tool. However, it just recommends removing all inline styles.
Any recommendations on how to create a CSP without `script-src: unsafe-inline`?
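An added example, not part of the original post: a CSP hash is computed over the exact text of an inline block, so a block that embeds a per-request value produces a different hash on every render. The sketch below hashes the inline blocks of two renders of one page and separates the hashes that can be allowlisted from those that cannot; the sample HTML and all names are constructed, and the per-request token is an assumed cause of the changing hashes the post mentions.

```python
import base64
import hashlib
from html.parser import HTMLParser

def csp_hash(content):
    """CSP source expression for one inline block: SHA-256 over its exact text."""
    digest = hashlib.sha256(content.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

class InlineCollector(HTMLParser):
    """Collects the raw text of inline <script> and <style> elements."""
    def __init__(self):
        super().__init__()
        self.blocks = []                  # (tag, content) pairs in document order
        self._tag, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        # External scripts (with src) are covered by host/nonce rules, not hashes.
        if tag in ("script", "style") and "src" not in dict(attrs):
            self._tag, self._buf = tag, []

    def handle_data(self, data):
        if self._tag:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == self._tag:
            self.blocks.append((tag, "".join(self._buf)))
            self._tag = None

def inline_hashes(html):
    parser = InlineCollector()
    parser.feed(html)
    parser.close()
    return {(tag, csp_hash(text)) for tag, text in parser.blocks}

def compare_renders(first, second):
    """Split hashes into those present in both renders and those in only one."""
    a, b = inline_hashes(first), inline_hashes(second)
    return {"stable": a & b, "changing": a ^ b}

# Constructed sample: two renders of the same page; only the token differs.
PAGE = ('<html><head><style>.row{margin:0}</style>'
        '<script src="/constructed/lib.js"></script>'
        '<script>var cfg = {"token":"%s"};</script></head>'
        '<body><script>document.body.className = "js";</script></body></html>')
RENDER_1, RENDER_2 = PAGE % "a1b2c3", PAGE % "d4e5f6"

if __name__ == "__main__":
    result = compare_renders(RENDER_1, RENDER_2)
    print("Allowlist by hash:", sorted(h for _, h in result["stable"]))
    print("Changing block variants:", len(result["changing"]))
```

Blocks reported as stable can go into `script-src` or `style-src` as hashes; blocks reported as changing need a nonce added at render time or their dynamic data moved out of the inline block.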