Skip to content
This repository has been archived by the owner on Dec 28, 2023. It is now read-only.

In the future, Sandstorm's Content Security Policy will block external content. #6

Open
dwrensha opened this issue Jul 15, 2015 · 4 comments
Open

In the future, Sandstorm's Content Security Policy will block external content. #6

dwrensha opened this issue Jul 15, 2015 · 4 comments

Comments

@dwrensha
Copy link
Owner

This will have an effect on:

  1. gravatar usage in the admin area
  2. themes using fonts.googleapis.com
  3. other things, possibly

We'll want to replace gravatar with Sandstorm's own user profile features. For the fonts, maybe we can bundle them?
@ocdtrekkie
Copy link

I bundled Google fonts that Scrumblr used. Stuff like jQuery as well may need to be bundled if WordPress uses it.

When WordPress allows people to upload their own themes, Google fonts may also be a problem.

@dwrensha
Copy link
Owner Author

I've learned that avatars can be turned off with update_option('show_avatars', 0); and they can be overridden through the pluggable get_avatar() function.

@Ryman
Copy link

Ryman commented Jun 22, 2016

Looks like some oembed stuff doesn't work without curl, so I guess that's affected by this too? http://help.semplicelabs.com/customer/portal/questions/12932083-vimeo-embed-troubleshooting

@xet7 xet7 mentioned this issue Mar 8, 2018
Open
@xet7
Copy link

xet7 commented Mar 8, 2018

This issue was moved to sandstormports/wordpress-sandstorm#4

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@xet7 @dwrensha @Ryman @ocdtrekkie