August 18, 2020 at 11:07 pm #1408851 Maik
You are working for a perfect theme. I guess you will not like what I discovered about GeneratePress.
The Snyk security test brings up several vulnerabilities in GeneratePress:
– Using jQuery 1.12.4
– Strict Transport Security
– X Content Type Options
– X Frame Options
– Content Security Policy
– X XSS Protection
As a result, the grade for security in WebPagetest.org (using Snyk) is an F.
Could you please have a look into it? Maybe you have something to do for future versions.
August 18, 2020 at 11:52 pm #1408880 Tom, Lead Developer
When needed, GeneratePress uses the core packaged jQuery version that is provided by WordPress itself:
The other issues are all on the server-side of things, not the theme:
The website you tested is our Site Library demo server, so it hasn’t been set up with all of this extra security, as its only purpose is to show off the front-end of our demo sites. Wouldn’t hurt to add though, I’ve added it to be done.
Thanks!
August 18, 2020 at 11:59 pm #1408885 Maik
Thank you for this information. I will talk to my web hosting provider to see if they can fix it, too.
August 19, 2020 at 8:54 am #1409789 Tom, Lead Developer
August 19, 2020 at 9:00 am #1409806 Maik
Thank you for your reply. Just for someone else:
I learned today that these settings can be made in .htaccess and I already added some lines of code – et voilà.
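For readers who land on this thread, here is an added example (not the lines Maik used and not GeneratePress code) of setting the five response headers from the scan in .htaccess. It assumes Apache 2.4 with mod_headers enabled and a host that allows Header directives in .htaccess; every policy value is an illustrative starting point, not a recommendation for a specific site.

```apache
# Constructed example for a site's .htaccess. Values are starting points.
<IfModule mod_headers.c>
    # "always" also adds the header to error and redirect responses.

    # HSTS is only meaningful over HTTPS, so send it on HTTPS responses only.
    # includeSubDomains covers every subdomain: drop it if any of them
    # is not served over HTTPS, and consider a short max-age while testing.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"

    # Stop browsers from guessing a content type other than the declared one.
    Header always set X-Content-Type-Options "nosniff"

    # Allow framing only by pages from the same origin (clickjacking defence).
    Header always set X-Frame-Options "SAMEORIGIN"

    # Deliberately minimal policy: restricts framing and upgrades http://
    # subresources. A policy that limits script and style sources has to be
    # built from what the site's theme and plugins actually load, otherwise
    # inline scripts and third-party assets will be blocked.
    Header always set Content-Security-Policy "frame-ancestors 'self'; upgrade-insecure-requests"

    # Only legacy browsers act on this header; it is set here because the
    # scan quoted in the thread lists it.
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>
```

The result can be checked by requesting the site's response headers, for example with `curl -sI https://example.com/` (placeholder URL), and then re-running the scan. The jQuery finding is not affected by these headers, since that version ships with WordPress core as Tom notes.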