I want to properly use Content Security Policy on my Wordpress site, but also not hardcode URIs. I am moving all my inline scripts to one file, and adding hashes to all script tags to use with Subresource Integrity. The ajax localization gives me a hard time; It runs PHP to get the JS file name, and outputs it inline