In case anyone thought CSP2 paths solve the whitelist security problem... (nice find!)https://twitter.com/dotchloe/status/774512657642708992 …
Many servers don't use paths to designate hierarchy. Paths as a security mechanism is a CSP spec flaw
-
-
but will googleapis fix this?
-
This one was Cloudlare CDN, I tested googleapis and it seems okay. But if it had this kind of bug we probably would.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.