Howard Miller

The log reports aren't Moodle's greatest feature. We tend to run SQL queries against the log tables for anything beyond the trivial.

I don't want to tempt fate but these days failure of components seems much less a problem than the need to take things down for patching and upgrades.

I know what a CSP is... but this is a Moodle forum. Do you believe that there is a security issue in Moodle?

Zap saying that Moodle doesn't have a strict CSP error is NOT a security issue. We get this a LOT. "I ran XYZ security report and it says...". That's fine, but you also need to explain how that presents an actual attack vector that is not taken care of in some other way in Moodle. Moodle's security is generally very good.

 

Anybody can run a security report against their Moodle site. There's loads of them. However, there's not much point unless you can properly interpret the results. I'm not saying you're wrong (you may be a security expert) but you need to explain how this presents a problem in Moodle 

I'll ask one more time, but that's going to be it. Why do you think the CSP warning is a problem?

(Moodle core) Cron runs as the main admin user, so you shouldn't encounter any permission errors. All capability checks come back as 'allow' for an admin. 

If, as I think you might have done, you've written your own cron script for the plugin then that's definitely the wrong approach. You should add an additional scheduled task for your plugin.

See, https://moodledev.io/docs/5.0/apis/subsystems/task/scheduled