Aww yea! Moar!!! https://twitter.com/michael_eder_/status/819651458018775041
-
Yeah, that's old news

-
well it was noted even *waay* back in 2015 http://blog.innerht.ml/csp-2015/ ;)
-
Nice spot! Some good critiques of CSP in there too!
-
There are some good proposals (like https://github.com/w3c/webappsec-csp/issues/98 by @arturjanc) to try to mitigate "Unexpected Nonce" as mentioned in that link
-
Also there's some discussion on allowing a CSP to whitelist URLs (https://github.com/w3c/webappsec-csp/issues/125)
-
From the link: "There is something CSP cannot cover - navigation." A lot of the issues are actually being addressed – which is promising :D