WordPress.org

Resolved 4a4b
(@4a4b)

2 months, 1 week ago
Hi,

With a strict content security policy the inline CSS of the honeypot is ignored by the browser and the textarea becomes visible. This is the case for example with this HTTP header:
```
Content-Security-Policy: default-src 'self';
```
As a workaround I have moved the inline CSS to an external css file:
```
/* Antispam-Bee */
textarea#comment {
  padding: 0 !important;
  clip: rect(1px, 1px, 1px, 1px) !important;
  position: absolute !important;
  white-space: nowrap !important;
  height: 1px !important;
  width: 1px !important;
  overflow: hidden !important;
}
```
Maybe the Antispam Plugin could itself include such a CSS file (additionally to the inline CSS) so the honeypit textarea remains hidden with a strict CSP header?

Viewing 1 replies (of 1 total)

Plugin Contributor Torsten Landsiedel
(@zodiac1978)

2 months, 1 week ago

Hi @4a4b

thanks for the report!

I’ve opened a GitHub issue, so more people are looking at this issue.

You can stay up-to-date here:
https://github.com/pluginkollektiv/antispam-bee/issues/597

As the problem is confirmed and the discussion on fixing this will happen on GitHub, I mark this as resolved here.

Thanks again for making us aware of this!

All the best
Torsten

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

In: Plugins
1 reply
2 participants
Last reply from: Torsten Landsiedel
Last activity: 2 months, 1 week ago
Status: resolved