the issue with CSP wasn't that it couldn't fix stuff,it was that it wasn't usable
-
-
<3 that. Mitigations get a free pass, regardless of design quality & efficacy.
-
Tweet unavailable
-
I think CSP is very effective at stopping blind XSS at least
-
and that's after like 5 yrs of its development. ROI sucks I'd say
-
UAs already built it so it's sunk costs. Why not get the value now?
-
edge just started thinking about CSP. FWs don't support it yet
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.