The content security policy recommendations are very unfriendly from the point of view of a developer/content publisher that needs to understand how to choose an appropriate policy. Perhaps the level 3 work is an opportunity to remedy this.
The current specification is excellent from a browser implementation perspective. But this has come at the expense of the context that would have been provided in an equivalent IETF RFC etc. Furthermore, the examples do not speak enough to the kinds of security context in which they are appropriate, for example in choosing how strict the policy should be, or between nonce and hash-based security.