
CSP Violation Reporter

Developer: guidumasperes
Last updated: May 28, 2026 09:33
PHP version: 7.4 or higher
WordPress version: 7.0
License: GPLv2 or later
License URI: License information

Tags

security reporting reports csp content-security-policy

Download

0.1.1

Description:

CSP Violation Reporter adds a public WordPress REST endpoint for browser Content Security Policy violation reports and stores received violations in a local database table. Reports can be reviewed from Tools > CSP Violations. The plugin supports the modern Reporting API payload format as well as the older csp-report JSON shape.

Endpoint: /wp-json/csp-violation-reporter/v1/report

The plugin does not create or modify Content Security Policy headers. Site owners should configure CSP headers in their web server, hosting dashboard, theme, or security tooling.

Example report endpoint configuration:

    Content-Security-Policy: default-src 'self'; report-uri https://example.com/wp-json/csp-violation-reporter/v1/report

For the modern Reporting API, use an HTTPS endpoint:

    Reporting-Endpoints: csp-endpoint="https://example.com/wp-json/csp-violation-reporter/v1/report"
    Content-Security-Policy: default-src 'self'; report-to csp-endpoint
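A receiver that accepts both payload shapes on an unauthenticated endpoint has to normalize them into one record and bound what it stores. The sketch below is an added example, not the plugin's own code: the function names, record keys and 2048-byte cap are assumptions, while the JSON key names are those of the legacy csp-report and Reporting API formats.

```php
<?php
// Added example, not the plugin's code. Record keys and the length cap are assumptions.
const MAX_FIELD_LEN = 2048; // the endpoint is public, so bound every stored field (bytes)
const LEGACY_KEYS = ['document_url' => 'document-uri', 'directive' => 'effective-directive',
                     'blocked_url' => 'blocked-uri', 'disposition' => 'disposition'];
const REPORTING_KEYS = ['document_url' => 'documentURL', 'directive' => 'effectiveDirective',
                        'blocked_url' => 'blockedURL', 'disposition' => 'disposition'];

// Map one report body onto the common record, truncating strings and dropping non-scalars.
function to_record(array $body, array $keys, string $format): array {
    $record = ['format' => $format];
    foreach ($keys as $field => $source) {
        $value = $body[$source] ?? '';
        $record[$field] = is_scalar($value) ? substr((string) $value, 0, MAX_FIELD_LEN) : '';
    }
    return $record;
}

// Accept a raw request body in either shape; return a list of normalized records.
function normalize_csp_reports(string $raw): array {
    $data = json_decode($raw, true);
    if (!is_array($data)) {
        return []; // not JSON, or a bare scalar
    }
    // Legacy report-uri shape: {"csp-report": {"document-uri": ..., ...}}
    if (is_array($data['csp-report'] ?? null)) {
        $legacy = $data['csp-report'];
        // Some legacy reports carry only violated-directive; use it as the fallback.
        $legacy['effective-directive'] = $legacy['effective-directive'] ?? $legacy['violated-directive'] ?? '';
        return [to_record($legacy, LEGACY_KEYS, 'csp-report')];
    }
    // Reporting API shape: a JSON array of {"type": "csp-violation", "body": {...}}
    $records = [];
    foreach ($data as $report) {
        if (is_array($report) && ($report['type'] ?? '') === 'csp-violation'
            && is_array($report['body'] ?? null)) {
            $records[] = to_record($report['body'], REPORTING_KEYS, 'reporting-api');
        } // other report types and malformed entries are skipped
    }
    return $records;
}

// Constructed sample payloads, one per shape.
$legacy = '{"csp-report":{"document-uri":"https://example.com/","violated-directive":"script-src","blocked-uri":"https://cdn.example.net/a.js"}}';
$modern = '[{"type":"csp-violation","url":"https://example.com/","body":{"documentURL":"https://example.com/","effectiveDirective":"img-src","blockedURL":"https://img.example.net/x.png","disposition":"enforce"}}]';
print_r(normalize_csp_reports($legacy));
print_r(normalize_csp_reports($modern));
```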

Installation:

  1. Upload the plugin folder to /wp-content/plugins/.
  2. Activate the plugin through the Plugins screen in WordPress.
  3. Open Tools > CSP Violations to copy the reporting endpoint.
  4. Configure your CSP Reporting API group and reference it from your report-to directive.

Frequently Asked Questions:

Does this plugin set my CSP header?

No. This plugin receives and displays CSP violation reports. CSP header generation is intentionally left to your theme, server, security plugin, or hosting environment.

Is the report endpoint public?

Yes. Browser violation reports are sent without WordPress authentication. Admin views remain protected by the manage_options capability.

Does the plugin store visitor IP addresses?

No. The plugin stores a salted hash of the remote address to help with deduplication and abuse analysis without retaining the raw IP address.

Does the plugin send data to third parties?

No. Reports are stored in the site's own WordPress database.

Changelog:

0.1.1 0.1.0