I think it's too late for unsafe-dynamic. Frameworks already work around that.
-
please don't call it strict.. but otherwise, agreed
-
No, b/c those are well-aligned. CSP is not, that's why it's cumbersome.
-
CSP is sadly doc-specific, w/ messy syntax and try-to-address-all attitude.
-
'strict-dynamic' kinda fixes 2 of those; https://mikewest.github.io/origin-policy/ remaining one
-
Also, problems with any given mechanism don't negate the value of mitigations.
-
<3 that. Mitigations get a free pass, regardless of design quality & efficacy.
-
exactly why we should focus on that now, instead of hi5ing CSP