Also, much of my job is to trim CSP down to only the useful bits and adopt these =)
-
why can't UIR or BAMC be implemented by a framework?
-
The UA has more context, e.g. can prevent mixed content after redirects.
-
FWIW I fully agree that no bugs >> mitigations, but we're far from "no bugs"
-
yes, that's probably true. I wish we had more good mitigations.
-
We need platform features, and much hardening from last ~5 years is via CSP.

