Title: Content Security Policy Manager
Author: Patrick Sletvold
Published: **July 21, 2020**
Last modified: August 9, 2022

---

This plugin **has not been tested with the latest 3 major releases of WordPress**. It may no longer be maintained or supported, and it may have compatibility issues when used with more recent versions of WordPress.

![](https://s.w.org/plugins/geopattern-icon/csp-manager.svg)

# Content Security Policy Manager

Developed by [Patrick Sletvold](https://profiles.wordpress.org/16patsle/)

[Download](https://downloads.wordpress.org/plugin/csp-manager.1.2.1.zip)

 * [Details](https://tw.wordpress.org/plugins/csp-manager/#description)
 * [Reviews](https://tw.wordpress.org/plugins/csp-manager/#reviews)
 * [Development](https://tw.wordpress.org/plugins/csp-manager/#developers)

[Support](https://wordpress.org/support/plugin/csp-manager/)

## Description

**Content Security Policy Manager** is a WordPress plugin that lets you configure
[Content Security Policy headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
for your site. You can set different CSP headers for the admin interface, the frontend
for logged-in users, and the frontend for regular visitors. Each CSP directive can
be enabled individually, and each policy can be set to enforce, report only, or be disabled.

Please note that this plugin offers only limited help in working out what the contents
of the policy should be: it lets you configure the CSP in an easy-to-use interface,
but deciding which sources to allow is still up to you.

## FAQ

### What is a Content Security Policy?

To quote MDN:

> Content Security Policy (CSP) is an added layer of security that helps to detect
> and mitigate certain types of attacks, including Cross Site Scripting (XSS) and
> data injection attacks. These attacks are used for everything from data theft
> to site defacement to distribution of malware.
> To enable CSP, you need to configure your web server to return the
> Content-Security-Policy HTTP header.

### How do I enable reporting?

Reporting is enabled by setting the report-uri and/or report-to directives.
You will need the URL of a server that can receive and process these reports;
several such services exist. [Report URI](https://report-uri.com/) is one example:
it has a free tier that accepts up to 10 000 reports per month (anything beyond
that is simply dropped, at no extra cost). It also offers a CSP wizard that
can help you construct your policy.

Reporting works both in report-only mode and in enforce mode. In report-only mode
nothing is blocked, so you can use it to evaluate a draft policy by looking at
which resources the browser reports as violations before you switch to enforcing.
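As an added illustration of the reporting setup described above (example code written for this page, not part of the plugin), the following Python builds the header pair a site would send for one policy in enforce, report-only or disabled mode, including both the legacy `report-uri` directive and a `report-to` group with its matching `Report-To` header. It also checks that the reporting configuration is consistent (the group named in `report-to` must appear in a valid `Report-To` JSON value, otherwise reports are silently lost) and parses a constructed `report-uri` violation report to show which resource was flagged. The endpoint `https://reports.example.test/csp`, the policy contents, the group name and the violation report are constructed placeholders, and the `max_age` default is an assumption.

```python
import json

# Constructed visitor-facing policy: directive -> list of allowed sources.
VISITOR_POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'", "https://cdn.example.test"],
    "img-src": ["'self'", "data:"],
    "object-src": ["'none'"],
}

# Placeholder reporting endpoint and group name (assumptions, not a real service).
REPORT_ENDPOINT = "https://reports.example.test/csp"
REPORT_GROUP = "csp-endpoint"


def report_to_header(group, endpoint, max_age=10886400):
    """Serialise a Report-To header value: one reporting group with one endpoint."""
    spec = {"group": group, "max_age": max_age, "endpoints": [{"url": endpoint}]}
    return json.dumps(spec, separators=(",", ":"))


def build_csp_headers(policy, mode, report_endpoint=None, report_group=None):
    """Return {header name: value} for one policy in 'enforce', 'report' or 'disabled' mode.

    report_endpoint adds the legacy report-uri directive; report_group adds the
    report-to directive plus the Report-To header that resolves the group name.
    """
    if mode == "disabled":
        return {}
    if mode not in ("enforce", "report"):
        raise ValueError(f"unknown CSP mode: {mode!r}")
    if report_group and not report_endpoint:
        raise ValueError("report_group requires a report_endpoint")

    directives = []
    for name, sources in policy.items():
        # A header value must be a single line; CR/LF in a source would inject extra headers.
        if any("\r" in s or "\n" in s for s in sources):
            raise ValueError(f"newline in sources of {name}")
        directives.append(f"{name} {' '.join(sources)}")
    if report_endpoint:
        directives.append(f"report-uri {report_endpoint}")
    if report_group:
        directives.append(f"report-to {report_group}")

    header = "Content-Security-Policy" if mode == "enforce" else "Content-Security-Policy-Report-Only"
    headers = {header: "; ".join(directives)}
    if report_group:
        headers["Report-To"] = report_to_header(report_group, report_endpoint)
    return headers


def validate_reporting(headers):
    """Return a list of problems with the reporting setup; an empty list means it is consistent.

    Catches the cases where reports are silently lost: a report-to directive with no
    Report-To header, a Report-To value that is not valid JSON (e.g. commas stripped),
    or a group name that does not match.
    """
    csp = headers.get("Content-Security-Policy") or headers.get("Content-Security-Policy-Report-Only", "")
    group = None
    for directive in csp.split(";"):
        parts = directive.split()
        if len(parts) >= 2 and parts[0] == "report-to":
            group = parts[1]
    if group is None:
        return []  # no report-to directive, nothing to cross-check
    raw = headers.get("Report-To")
    if raw is None:
        return [f"report-to names group {group!r} but no Report-To header is set"]
    try:
        spec = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"Report-To header is not valid JSON: {exc}"]
    problems = []
    if spec.get("group") != group:
        problems.append(f"report-to group {group!r} does not match Report-To group {spec.get('group')!r}")
    if not spec.get("endpoints"):
        problems.append("Report-To group has no endpoints")
    return problems


# Constructed Report-To value with its commas missing (a mangled save of valid JSON).
BROKEN_REPORT_TO = '{ "group": "csp-endpoint" "max_age": 10886400 "endpoints": [ { "url": "https://reports.example.test/csp" } ] }'

# Constructed violation report in the report-uri (JSON body) format.
SAMPLE_VIOLATION = json.dumps({"csp-report": {
    "document-uri": "https://www.example.test/",
    "effective-directive": "script-src",
    "violated-directive": "script-src",
    "blocked-uri": "https://analytics.example.test/tag.js",
    "original-policy": "default-src 'self'; script-src 'self' https://cdn.example.test",
    "status-code": 200,
}})


def summarize_violation(report_body):
    """Extract (effective directive, blocked URI) from a report-uri violation report."""
    report = json.loads(report_body)["csp-report"]
    return report["effective-directive"], report["blocked-uri"]


if __name__ == "__main__":
    headers = build_csp_headers(VISITOR_POLICY, "report", REPORT_ENDPOINT, REPORT_GROUP)
    for name, value in headers.items():
        print(f"{name}: {value}")
    print("problems:", validate_reporting(headers))
    print("broken Report-To:", validate_reporting({**headers, "Report-To": BROKEN_REPORT_TO}))
    print("flagged:", summarize_violation(SAMPLE_VIOLATION))
```

Running the script prints the `Content-Security-Policy-Report-Only` and `Report-To` headers for the constructed policy, an empty problem list for the consistent setup, one problem for the comma-stripped `Report-To` value, and the directive and URI from the sample report. Emitting both `report-uri` and `report-to` is deliberate: browsers that only understand the legacy directive still deliver reports, while browsers that support the Reporting API use the named group.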

## Reviews


### [Report To not working](https://wordpress.org/support/topic/report-to-not-working/)

[ningmorris](https://profiles.wordpress.org/ningmorris/), July 13, 2023

Hello, since report-uri is no longer recommended, I need to use report-to
to send CSP reports. But for some reason, it doesn't send reports with report-to. My
CSP settings are as follows: in the Policy: report-to field, I filled in csp-endpoint;
in the Frontend Policy Report-To Header field, I filled in the following JSON data:

`{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "{CSP REPORT ENDPOINT}" } ] }`

After saving changes in the CMS, all the commas disappeared in the
Frontend Policy Report-To Header field:

`{ "group": "csp-endpoint" "max_age": 10886400 "endpoints": [ { "url": "{CSP REPORT ENDPOINT}" } ] }`

I am wondering if you can help to take a look at it, thanks! Note: I have no problem with report-uri.


### [kills all CSS styles](https://wordpress.org/support/topic/kills-all-css-styles/)

[rintelengrafik](https://profiles.wordpress.org/rintelengrafik/), February 18, 2023

As soon as I leave the backend, the view of my site is without any CSS. Only the
plain HTML.


### [Very helpful and useful plugin. do you provide filters ?](https://wordpress.org/support/topic/very-helpful-and-useful-plugin-do-you-provide-filters/)

[buzibuzi](https://profiles.wordpress.org/buzibuzi/), January 25, 2023

We are really happy with this plugin. I'm wondering if you provide a filter so I can
merge some dynamic 'nonce-xx' into the policy header. This could be very, very useful.


### [I like all the options for logged-in versus anonymous and report-only](https://wordpress.org/support/topic/i-like-all-the-options-for-logged-in-versus-anonymous-and-report-only/)

[Jason Robinson](https://profiles.wordpress.org/jsrobinson/), April 10, 2022

This plugin is well thought out and does what I need it to. It has also helped me
troubleshoot other websites' CSP that wasn't working correctly, and the documentation
is solid if brief.


### [Extraordinaire !](https://wordpress.org/support/topic/extraordinaire-4/)

[jeebeezebee](https://profiles.wordpress.org/jeebeezebee/), November 1, 2021

This plugin saved me hours of work.


### [Great plugin to manage CSP](https://wordpress.org/support/topic/great-plugin-to-manage-csp/)

[c3idesign](https://profiles.wordpress.org/c3idesign/), May 14, 2021

Great plugin, thank you.

[Read all 5 reviews](https://wordpress.org/support/plugin/csp-manager/reviews/)

## Contributors & Developers

The following people have contributed to the open-source software "Content Security Policy Manager".

Contributors

 *   [Patrick Sletvold](https://profiles.wordpress.org/16patsle/)

"Content Security Policy Manager" has been translated into 1 locale. Thank you to [all the translators](https://translate.wordpress.org/projects/wp-plugins/csp-manager/contributors)
for their contributions to this plugin.

[Translate "Content Security Policy Manager" into Traditional Chinese (Taiwan)](https://translate.wordpress.org/projects/wp-plugins/csp-manager)

### Interested in development?

Anyone can [browse the code](https://plugins.trac.wordpress.org/browser/csp-manager/),
look at the [SVN repository](https://plugins.svn.wordpress.org/csp-manager/), or subscribe to the
[development log](https://plugins.trac.wordpress.org/log/csp-manager/) by [RSS](https://plugins.trac.wordpress.org/log/csp-manager/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

This plugin’s development happens in [its GitHub repo](https://github.com/16patsle/wordpress-csp-manager).
Feel free to send bug reports there.

### 1.2.1

 * Fix error caused by improperly checking the chosen CSP mode when outputting headers
   (thanks @reatlat).

### 1.2.0

 * Improved UI, with CSP directives divided into collapsible categories.
 * Add all remaining non-deprecated CSP directives.
 * Warn if enabling upgrade-insecure-requests on a site that does not support HTTPS.
 * Sanitize directives on save and disallow newlines in header content.
 * Various internal improvements.

### 1.1.0

This is a relatively small update that only adds a few more CSP directives.
The next update will contain even more, along with an updated user interface.

 * Add some commonly used CSP headers that were missing (thanks Master Dan).
 * Add some other user requested directives.
 * Fix some translator comments.

### 1.0.0

First version.

 * Support for different policies for admin, logged-in frontend and regular visitors.
 * Different policies can have different reporting/enforcing modes.
 * Directives can be configured separately, to make it easier to see what is allowed in
   which cases.
 * Support for configuring the Report-To header.

## Meta

 *  Version **1.2.1**
 *  Last updated **4 years ago**
 *  Active installations **2,000+**
 *  WordPress version **4.6 or higher**
 *  Tested up to **6.1.10**
 *  PHP version **7.2 or higher**
 *  Languages: [English (US)](https://wordpress.org/plugins/csp-manager/) and [Norwegian (Bokmål)](https://nb.wordpress.org/plugins/csp-manager/).
 *  [Translate this plugin into your language](https://translate.wordpress.org/projects/wp-plugins/csp-manager)
 *  Tags: [content security policy](https://tw.wordpress.org/plugins/tags/content-security-policy/),
    [csp](https://tw.wordpress.org/plugins/tags/csp/), [security](https://tw.wordpress.org/plugins/tags/security/),
    [Security Headers](https://tw.wordpress.org/plugins/tags/security-headers/), [xss](https://tw.wordpress.org/plugins/tags/xss/)
 *  [Advanced view](https://tw.wordpress.org/plugins/csp-manager/advanced/)

## Ratings

4.3 out of 5 stars

 *  [5 five-star reviews](https://wordpress.org/support/plugin/csp-manager/reviews/?filter=5)
 *  [0 four-star reviews](https://wordpress.org/support/plugin/csp-manager/reviews/?filter=4)
 *  [0 three-star reviews](https://wordpress.org/support/plugin/csp-manager/reviews/?filter=3)
 *  [0 two-star reviews](https://wordpress.org/support/plugin/csp-manager/reviews/?filter=2)
 *  [1 one-star review](https://wordpress.org/support/plugin/csp-manager/reviews/?filter=1)

[See all reviews](https://wordpress.org/support/plugin/csp-manager/reviews/)

## Support

Users can give feedback or ask usage questions in the support forum.

[View support forum](https://wordpress.org/support/plugin/csp-manager/)