From cc20d68651f7068003d4894845c97a3552e8df91 Mon Sep 17 00:00:00 2001
From: Timmy Willison
Date: Sat, 7 Dec 2024 13:44:45 -0500
Subject: [PATCH 1/3] All: enable CSP report header on production sites
---
 themes/jquery/functions.php | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/themes/jquery/functions.php b/themes/jquery/functions.php
index ae560cde..b1f38ebd 100755
--- a/themes/jquery/functions.php
+++ b/themes/jquery/functions.php
@@ -256,9 +256,6 @@ function jq_image_posted_on() {
 * Content Security Policy
 */
 function jq_content_security_policy() {
- if ( !JQUERY_STAGING ) {
- return;
- }
 $nonce = bin2hex( random_bytes( 8 ) );
 $report_url = 'https://csp-report-api.openjs-foundation.workers.dev/';
 $policy = array(
From 5c6aa6d1d80f1bff9997b61cb86445d6143029a1 Mon Sep 17 00:00:00 2001
From: Timmy Willison
Date: Sat, 7 Dec 2024 14:07:41 -0500
Subject: [PATCH 2/3] fixup! switch to prod URL in comment
---
 themes/contribute.jquery.org/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/themes/contribute.jquery.org/functions.php b/themes/contribute.jquery.org/functions.php
index 3c94ddef..d5b39a4e 100644
--- a/themes/contribute.jquery.org/functions.php
+++ b/themes/contribute.jquery.org/functions.php
@@ -1,7 +1,7 @@
Date: Sat, 7 Dec 2024 14:38:20 -0500
Subject: [PATCH 3/3] fixup! disable style tag added in WordPress 6.7
---
 plugins/jquery-filters.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/plugins/jquery-filters.php b/plugins/jquery-filters.php
index 734810e3..b7edbda8 100644
--- a/plugins/jquery-filters.php
+++ b/plugins/jquery-filters.php
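Review bot: In PATCH 1/3, `$nonce = bin2hex( random_bytes( 8 ) );` in `jq_content_security_policy()` yields a 64-bit nonce, and with the staging guard removed this value is now issued on every production response. CSP Level 3 recommends at least 128 bits from a CSPRNG, so I would change the line to `$nonce = bin2hex( random_bytes( 16 ) );` before the policy is ever switched from reporting to enforcing. The hunk does not show which header name is sent or whether `JQUERY_STAGING` is still read further down, so both are worth confirming; the function body continues past the end of the hunk.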
@@ -88,6 +88,10 @@
 return 1024 * 1024;
 } );
 
+// Disable the new image sizes feature.
+// It adds a style tag that would require a CSP exception.
+add_filter( 'wp_img_tag_add_auto_sizes', '__return_false' );
+
 // Allow full HTML in term descriptions.
 add_action( 'init', 'jquery_unfiltered_html_for_term_descriptions' );
 add_action( 'set_current_user', 'jquery_unfiltered_html_for_term_descriptions' );
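Review bot: The added comment calls this "the new image sizes feature", which does not tell a later maintainer which WordPress behaviour is being switched off or what is lost by doing so. I would name it, e.g. `// Disable sizes="auto" on lazy-loaded images (added in WordPress 6.7).` followed by `// Core prints an inline <style> for it, which the CSP would block without a style-src exception.` Since this trades the feature away to keep `style-src` strict, the comment is also the place to say the filter can be dropped if the policy later allows that style by nonce or hash. The first two context lines close a callback that begins above the hunk.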