Can we talk about strict-dynamic and nonce in #CSP, when we still have to have unsafe-eval to use libraries?
-
-
So in our applications we're not worried about 'unsafe-eval' because nonces + 'strict-dynamic' project from most XSS-es.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.