[WordPress] 外掛分享: CSP Violation Reporter

首頁外掛目錄 › CSP Violation Reporter
全新外掛
安裝啟用
尚無評分
50 天前
最後更新
問題解決
WordPress 6.5+ PHP 7.4+ v0.1.1 上架:2026-05-27

外掛標籤

開發者團隊

⬇ 下載最新版 (v0.1.1) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「CSP Violation Reporter」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

CSP Violation Reporter adds a public WordPress REST endpoint for browser Content Security Policy violation reports and stores received violations in a local database table.
Reports can be reviewed from Tools > CSP Violations. The plugin supports the modern Reporting API payload format as well as the older csp-report JSON shape.
Endpoint:
/wp-json/csp-violation-reporter/v1/report

The plugin does not create or modify Content Security Policy headers. Site owners should configure CSP headers in their web server, hosting dashboard, theme, or security tooling.
Example report endpoint configuration:
Content-Security-Policy: default-src 'self'; report-uri https://example.com/wp-json/csp-violation-reporter/v1/report

For the modern Reporting API, use an HTTPS endpoint:
Reporting-Endpoints: csp-endpoint="https://example.com/wp-json/csp-violation-reporter/v1/report"

Content-Security-Policy: default-src 'self'; report-to csp-endpoint

Privacy
This plugin stores CSP violation reports submitted by browsers. Stored fields can include the document URL, referrer URL, blocked URI, violated directive, source file, line and column numbers, a user agent string, a salted hash of the remote address, and the raw report payload.
The plugin does not store raw IP addresses and does not transmit report data to external services.

延伸相關外掛

文章
Filter
Apply Filters
Mastodon