Now you’ve just got different problems
It really depends on your perspective. I'm pretty sure it's possible to setup a site with bad resource links so that the server expects to see CSP reports, thereby detecting if user is blocking them.
-
-
There are easier ways to do that without having to use CSP.
-
Yes, of course. Maybe the motivations for disabling CSP reporting are minor in the big scheme of things, but still seems like it should be possible.
-
My view is pretty much always that the user-agent is called user-agent for a reason and shouldn't be doing anything the user doesn't want done.
-
By that logic we should be able to disable HSTS and other similar mechanisms. I can force you to use HTTPS on my site even if you type http:// into the address bar.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.