View Revisions: Note 3673
| Summary | 508: Support Content Security Policy |
|---|---|
| Revision | 2017-06-20 00:06 by Chris Graham |
| Note |
CSP does have nonce support, so we can do inline script support. |
| Revision | 2016-04-23 00:45 by Guest |
| Note | CSP does have nonce support, so we can do inline script support. But if we do it kind of undermines the goal, because any parameters within that code would be included in our auto-generation of the nonce, hence removing the security we're trying to add - hence the cost of all this. |
