CSP Violation Reporter

Description

CSP Violation Reporter adds a public WordPress REST endpoint for browser Content Security Policy violation reports and stores received violations in a local database table.

Reports can be reviewed from Tools > CSP Violations. The plugin supports the modern Reporting API payload format as well as the older csp-report JSON shape.

Endpoint:

/wp-json/csp-violation-reporter/v1/report

The plugin does not create or modify Content Security Policy headers. Site owners should configure CSP headers in their web server, hosting dashboard, theme, or security tooling.

Example report endpoint configuration:

Content-Security-Policy: default-src 'self'; report-uri https://example.com/wp-json/csp-violation-reporter/v1/report

For the modern Reporting API, use an HTTPS endpoint:

Reporting-Endpoints: csp-endpoint="https://example.com/wp-json/csp-violation-reporter/v1/report"

Content-Security-Policy: default-src 'self'; report-to csp-endpoint

Privacy

This plugin stores CSP violation reports submitted by browsers. Stored fields can include the document URL, referrer URL, blocked URI, violated directive, source file, line and column numbers, a user agent string, a salted hash of the remote address, and the raw report payload.

The plugin does not store raw IP addresses and does not transmit report data to external services.
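The following is an added example, not code from the plugin, showing how a receiving endpoint can accept both payload shapes mentioned above (the legacy application/csp-report body with a csp-report object, and the Reporting API application/reports+json array) and normalize them into the kind of fields listed under Privacy, storing only a keyed hash of the remote address. The field names, the 64 KiB body cap and the constructed salt are this example's own assumptions; the plugin's actual column names, limits and salt source are not documented on this page.

```python
import hashlib
import hmac
import json

# Constructed salt for the example; a real deployment would load a secret from
# site configuration. The plugin's own salt source is not documented here.
HASH_SALT = b"constructed-example-salt"

# Assumed cap for a public, unauthenticated endpoint; oversized bodies are dropped.
MAX_BODY_BYTES = 64 * 1024

# Legacy csp-report keys -> normalized names used in this example.
LEGACY_KEYS = {
    "document_url": "document-uri",
    "referrer": "referrer",
    "blocked_uri": "blocked-uri",
    "violated_directive": "violated-directive",
    "effective_directive": "effective-directive",
    "source_file": "source-file",
    "line_number": "line-number",
    "column_number": "column-number",
}

# Reporting API csp-violation body keys -> the same normalized names.
# The Reporting API body carries effectiveDirective only, so it fills both slots.
REPORTING_API_KEYS = {
    "document_url": "documentURL",
    "referrer": "referrer",
    "blocked_uri": "blockedURL",
    "violated_directive": "effectiveDirective",
    "effective_directive": "effectiveDirective",
    "source_file": "sourceFile",
    "line_number": "lineNumber",
    "column_number": "columnNumber",
}


def hash_remote_address(remote_addr: str, salt: bytes = HASH_SALT) -> str:
    """Keyed SHA-256 of the client address, so the raw IP is never written to storage."""
    return hmac.new(salt, remote_addr.encode("utf-8"), hashlib.sha256).hexdigest()


def _pick(body: dict, mapping: dict) -> dict:
    """Copy the mapped keys out of a report body; missing keys become None."""
    return {ours: body.get(theirs) for ours, theirs in mapping.items()}


def normalize_reports(content_type: str, raw_body: str, remote_addr: str, user_agent: str) -> list:
    """Turn one request body into a list of normalized violation records.

    Returns [] for unparseable, oversized, or unsupported payloads rather than raising,
    since a public endpoint should fail closed on junk input.
    """
    if len(raw_body.encode("utf-8")) > MAX_BODY_BYTES:
        return []
    try:
        payload = json.loads(raw_body)
    except (ValueError, TypeError):
        return []

    found = []  # (record, user agent) pairs before the shared fields are added
    if content_type.startswith("application/csp-report"):
        body = payload.get("csp-report") if isinstance(payload, dict) else None
        if isinstance(body, dict):
            found.append((_pick(body, LEGACY_KEYS), user_agent))
    elif content_type.startswith("application/reports+json"):
        if isinstance(payload, list):
            for report in payload:
                # A Reporting API batch may mix report types; keep only CSP violations.
                if not isinstance(report, dict) or report.get("type") != "csp-violation":
                    continue
                body = report.get("body")
                if isinstance(body, dict):
                    rec = _pick(body, REPORTING_API_KEYS)
                    rec["document_url"] = rec["document_url"] or report.get("url")
                    found.append((rec, report.get("user_agent") or user_agent))

    records = []
    for rec, ua in found:
        rec["user_agent"] = ua
        rec["remote_hash"] = hash_remote_address(remote_addr)
        rec["raw_report"] = raw_body
        records.append(rec)
    return records


# Constructed sample payloads, one per supported shape.
LEGACY_SAMPLE = json.dumps({"csp-report": {
    "document-uri": "https://example.com/", "referrer": "",
    "blocked-uri": "https://cdn.example.net/x.js", "violated-directive": "script-src",
    "effective-directive": "script-src", "original-policy": "default-src 'self'",
    "source-file": "https://example.com/", "line-number": 12, "column-number": 5}})

REPORTING_API_SAMPLE = json.dumps([
    {"age": 10, "type": "csp-violation", "url": "https://example.com/",
     "user_agent": "Mozilla/5.0 (constructed)",
     "body": {"documentURL": "https://example.com/", "referrer": "",
              "blockedURL": "https://cdn.example.net/x.js", "effectiveDirective": "script-src",
              "originalPolicy": "default-src 'self'", "sourceFile": "https://example.com/",
              "lineNumber": 12, "columnNumber": 5, "disposition": "enforce", "statusCode": 200}},
    {"age": 10, "type": "deprecation", "url": "https://example.com/", "body": {}},
])

if __name__ == "__main__":
    for rec in normalize_reports("application/reports+json", REPORTING_API_SAMPLE, "203.0.113.9", "UA"):
        print(rec["effective_directive"], rec["blocked_uri"], rec["remote_hash"][:16])
```

The dispatch is keyed on the request Content-Type rather than on sniffing the JSON, which is what distinguishes the two shapes in practice; the same address yields the same hash across both paths, so deduplication still works without the raw IP ever being stored.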

Installation

  1. Upload the plugin folder to /wp-content/plugins/.
  2. Activate the plugin through the Plugins screen in WordPress.
  3. Open Tools > CSP Violations to copy the reporting endpoint.
  4. Configure your CSP Reporting API group and reference it from your report-to directive.

FAQ

Does this plugin set my CSP header?

No. This plugin receives and displays CSP violation reports. CSP header generation is intentionally left to your theme, server, security plugin, or hosting environment.

Is the report endpoint public?

Yes. Browser violation reports are sent without WordPress authentication. Admin views remain protected by the manage_options capability.

Does the plugin store visitor IP addresses?

No. The plugin stores a salted hash of the remote address to help with deduplication and abuse analysis without retaining the raw IP address.

Does the plugin send data to third parties?

No. Reports are stored in the site’s own WordPress database.


Contributors & Developers

The following people have contributed to the open-source software "CSP Violation Reporter".


Changelog

0.1.1

  • Prepared SQL statements that include the plugin’s custom table name.

0.1.0

  • Initial development release.