I thought all the cool kids were doing it these days? No? :(
Because they will see a hash and ignore 'unsafe-inline', so they will reject these attributes.
-
-
so there will be no way to enable style="" if I want to use a nonce or a hash?
-
The current proposal has problems so it depends on whether Mike finds a way to fix them. Maybe? :)
-
FWIW in our apps we don't restrict style-src. Sec risk of inline styles is much less than of scripts
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.