Split up admin settings into pre-directive settings and fully support all CSP level 3  #31

@brendanheywood

Description

The CSP plugin is very basic and relies on the admin to write these very long and complicated CSP directives in a single text area. It is very raw. It is also very hard for an admin to even begin understanding what policies to put in place unless you are actively following the CSP specs as they evolve.

I'm proposing to improve this plugin so that instead of a single directive, you instead get a big list of all of the Level 3 directives and, where appropriate, either check boxes, radio boxes or free text fields. This will make it much easier to see at a glance and understand the current policies in place.
https://www.w3.org/TR/CSP3/

As new CSP versions are supported this will create new admin settings which will prompt the admin to fill them in on upgrade.

It will still support the current textarea and just concat that into the policy.

Proposing a single new config item which is a custom table:

| Directive Name | Report value | Live value |
|---|---|---|
| default-src | https: 'unsafe-inline' | https: 'unsafe-inline' |
| script-src | | |
| img-src | https: data: \*.yimg.com \*.twimg.com | |
| [dropdown] | | |
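As an added example (not the plugin's own code, and written in Python rather than the plugin's implementation language), here is one way the proposed table could be serialised into the enforcing and report-only CSP headers, with the legacy textarea policy concatenated in. The function names and the sample directive values are assumptions constructed to mirror the rows sketched in the issue.

```python
# Added example, not the plugin's own code: serialise the proposed per-directive
# admin table into the two CSP headers, merging the legacy free-text policy.
from typing import Dict, List, Optional

# Keyword sources must be single-quoted when serialised; hosts/schemes must not be.
KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"}

def normalise_source(src: str) -> str:
    """Quote bare keywords such as self; pass schemes and hosts through."""
    bare = src.strip().strip("'")
    return f"'{bare}'" if bare in KEYWORDS else src.strip()

def parse_legacy(text: str) -> Dict[str, List[str]]:
    """Split the existing single-textarea policy ('a b; c d') into rows."""
    rows: Dict[str, List[str]] = {}
    for chunk in text.split(";"):
        parts = chunk.split()
        if parts:
            rows[parts[0].lower()] = [normalise_source(p) for p in parts[1:]]
    return rows

def build_policy(table: Dict[str, Dict[str, str]], column: str, legacy: str = "") -> Optional[str]:
    """Serialise one table column ('report' or 'live') plus the legacy text.
    Returns None when nothing is configured, so no header is emitted."""
    merged = parse_legacy(legacy)
    for name, cols in table.items():
        srcs = [normalise_source(s) for s in cols.get(column, "").split()]
        if srcs:  # empty cells (e.g. script-src in the sample) produce no directive
            merged[name] = list(dict.fromkeys(merged.get(name, []) + srcs))
    if not merged:
        return None
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in merged.items())

def headers(table: Dict[str, Dict[str, str]], legacy: str = "") -> Dict[str, str]:
    """Report column -> Content-Security-Policy-Report-Only, live column -> enforcing."""
    out: Dict[str, str] = {}
    for header, column in (("Content-Security-Policy", "live"),
                           ("Content-Security-Policy-Report-Only", "report")):
        policy = build_policy(table, column, legacy)
        if policy:
            out[header] = policy
    return out

# Constructed sample (hypothetical values) mirroring the rows sketched in the issue.
SAMPLE = {
    "default-src": {"report": "https: 'unsafe-inline'", "live": "https: 'unsafe-inline'"},
    "script-src": {"report": "", "live": ""},
    "img-src": {"report": "https: data: *.yimg.com *.twimg.com", "live": ""},
}
```

Calling `headers(SAMPLE, legacy="frame-ancestors self")` yields an enforcing header built only from the live column and a report-only header that also carries the img-src sources.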
