@arturjanc @mikewest are you aware of a strict-dynamic bug in Canary where loading a script from cache throws this?pic.twitter.com/Pego1PYmVv
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
ok here's a noisy demo: https://csp-demo-152522.appspot-preview.com
on fresh or hard reload, no CSP errors. On reload from cache, 'foo.js' will be 'blocked', but then loads anyway.
'bar.js' is the same except lacking the crossorigin='anonymous' attribute. All scripts have integrity attrs.
CSP is using strict-dynamic with nonces, no hashes, so I think SRI is interfering w/ CSP when loading from cache.
: Perhaps we're not caching the integrity data? Would you mind poking at https://crbug.com/new ? @arturjanc @we1x
: @mikewest is busy writing emails and reviewing other people's work. Please leave a message after the beep. @durumcrustulum @we1x
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.