內容簡介
總結: Swift PWA 是一個全面的 WordPress 外掛,可將您的網站轉換為擁有企業級安全功能的漸進式 Web 應用程式 (PWA)。
問題與答案:
1. Swift PWA 這個 WordPress 外掛主要功能是什麼?
- 答: Swift PWA 是一個全面的 WordPress 外掛,可以將您的網站轉換為具有企業級安全功能的漸進式 Web 應用程式 (PWA)。
2. Swift PWA 提供了哪些安全功能?
- 答: 安全功能包括文件上傳驗證、防止 SQL 注入、XSS 保護和 CSRF 保護等功能。
3. Swift PWA 需要滿足哪些條件才能正常運行?
- 答: 必須具備 WordPress 5.0 或更高版本、PHP 7.4 或更高版本、HTTPS(用於 PWA 功能)、檔案上傳權限和數據庫寫入權限。
4. Swift PWA 連接到哪些外部服務?
- 答: Swift PWA 連接到 Google 的 Workbox Library 以提供服務工作器功能和緩存策略。另外也可能會連接到 Google Fonts 等服務來進行資源緩存。
外掛標籤
開發者團隊
原文外掛簡介
Swift PWA is a comprehensive WordPress plugin that transforms your website into a Progressive Web App (PWA) with enterprise-grade security features.
Key Features
Security First: Comprehensive security fixes including file upload validation, SQL injection prevention, XSS protection, and CSRF protection
Modern Workbox: Uses Workbox 7.0.0 with latest security patches and caching strategies
Smart Caching: Intelligent caching for HTML, CSS, JS, images, and fonts
Cache Management: Option to clear cache manually for better control
Offline Support: Full offline functionality with customizable offline pages
App Manifest: Automatic generation of web app manifest for app-like experience
Service Worker: Advanced service worker with cache management
Admin Interface: User-friendly WordPress admin interface
File Upload Security: Secure file uploads with validation and size limits
Rate Limiting: Built-in protection against abuse
Access Control: Admin-only access with proper capability checks
Security Features
File upload validation (PNG, JPG, GIF, WebP only)
2MB file size limits
MIME type validation
SQL injection prevention with prepared statements
XSS protection with proper output escaping
CSRF protection with nonce verification
Rate limiting on form submissions
Admin capability checks
Input sanitization and validation
PWA Features
Web App Manifest generation
Service Worker registration
Offline page support
App icons and splash screens
Theme and background colors
Display modes (standalone, fullscreen, etc.)
Orientation settings
Precache pages selection
Asset precaching
Requirements
WordPress 5.0 or higher
PHP 7.4 or higher
HTTPS (required for PWA functionality)
File upload permissions
Database write permissions
Support
For support, please visit the WordPress.org support forums or create an issue on the plugin’s GitHub repository.
External Services
This plugin connects to external services to provide Progressive Web App functionality. The following services are used:
Google Workbox Library
This plugin uses Google’s Workbox library to provide service worker functionality and caching strategies.
What it’s used for: Workbox is a JavaScript library that provides service worker functionality, including caching strategies, precaching, and offline support. It’s essential for the PWA features of this plugin.
What data is sent and when: When a user visits your website, their browser automatically requests the Workbox library from Google’s servers (storage.googleapis.com). This request includes:
The user’s IP address (standard HTTP request)
User-Agent string (browser information)
Referrer information (your website URL)
Standard HTTP headers
This data is sent automatically by the browser when loading the Workbox library, which happens when the service worker is registered on the user’s device.
Service provider: Google LLC
Terms of Service: https://policies.google.com/terms
Privacy Policy: https://policies.google.com/privacy
Workbox Documentation: https://developers.google.com/web/tools/workbox
Note: The Workbox library is loaded directly from Google’s servers. No personal data from your WordPress site is transmitted to Google. Only standard HTTP request data (IP address, browser information) is sent, which is standard for any web resource request.
Google Fonts (Optional)
If your website uses Google Fonts, the plugin’s service worker may cache these resources. This is an optional feature that only applies if you have Google Fonts on your site.
What it’s used for: Caching Google Fonts resources (fonts.googleapis.com and fonts.gstatic.com) for offline access and improved performance.
What data is sent and when: If your site uses Google Fonts, standard HTTP requests are made to Google’s servers when fonts are loaded. This includes IP address and browser information, as with any web resource.
Service provider: Google LLC
Terms of Service: https://policies.google.com/terms
Privacy Policy: https://policies.google.com/privacy
Google Fonts Privacy: https://developers.google.com/fonts/faq#what_does_using_the_google_fonts_api_mean_for_the_privacy_of_my_users
Note: Google Fonts caching is only enabled if your website already uses Google Fonts. The plugin does not add Google Fonts to your site; it only caches them if they’re already present.
Privacy Policy
This plugin does not collect, store, or transmit any personal data from your WordPress installation. All configuration data remains on your WordPress server.
However, when users visit your website, their browsers will automatically connect to Google’s servers to load the Workbox library. This is a standard web resource request and follows Google’s privacy policy. No data from your WordPress database or user accounts is transmitted to external services.
Credits
Workbox by Google – https://developers.google.com/web/tools/workbox
WordPress PWA community
Security researchers and contributors
