http://photos.google.com is serving two CSPs, both w/ strict-dynamic, one w/ origins. Is this to have the best of both worlds @arturjanc ?
Ah you're right, my brain filled in a 'strict-dynamic' in the first one. Thanks!
The whitelist policy is for "origin hygiene", to prevent devs from accidentally loading untrusted scripts; 'strict-dynamic' is for XSS.
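The split described in the reply above, as an added example that is not part of the thread: a simplified model of a browser enforcing two Content-Security-Policy headers at once, where a script load must pass every policy. The policy strings, nonce, hosts and sample loads are constructed, and matching is reduced to nonces and exact origins.

```javascript
'use strict';
// Simplified model: every enforced CSP must independently allow a script load.
// Policies, nonce and hosts below are constructed for illustration.
const ALLOWLIST_POLICY = "script-src https://static.example https://apis.example";
const STRICT_POLICY = "script-src 'nonce-r4nd0m' 'strict-dynamic' https: 'unsafe-inline'";

// Return the source list of script-src, or null when the directive is absent.
function scriptSrc(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'script-src') return sources;
  }
  return null;
}

function policyAllows(policy, script) {
  const sources = scriptSrc(policy);
  if (sources === null) return true; // model: no script-src means no script restriction
  const nonceOk = script.nonce !== undefined && sources.includes(`'nonce-${script.nonce}'`);
  if (sources.includes("'strict-dynamic'")) {
    // Host and scheme sources are ignored here; trust comes from the nonce
    // or from being added (not parser-inserted) by an already trusted script.
    return nonceOk || Boolean(script.addedByTrustedScript && !script.parserInserted);
  }
  // Allowlist policy: nonce match or exact origin match (paths and wildcards not modelled).
  return nonceOk || sources.includes(new URL(script.url).origin);
}

const allowedByAll = (policies, script) => policies.every((p) => policyAllows(p, script));

// Constructed loads: the second is a developer mistake, the third an injected tag.
const SAMPLES = {
  noncedFromAllowlistedHost: { url: 'https://static.example/app.js', nonce: 'r4nd0m', parserInserted: true },
  noncedFromUnlistedHost: { url: 'https://cdn.other.example/lib.js', nonce: 'r4nd0m', parserInserted: true },
  injectedTagOnAllowlistedHost: { url: 'https://apis.example/widget.js', parserInserted: true },
  loadedByTrustedScript: { url: 'https://static.example/chunk.js', addedByTrustedScript: true, parserInserted: false },
};

function evaluateSamples() {
  const policies = [ALLOWLIST_POLICY, STRICT_POLICY];
  return Object.fromEntries(Object.entries(SAMPLES).map(([name, script]) => [name, {
    allowlist: policyAllows(ALLOWLIST_POLICY, script),
    strict: policyAllows(STRICT_POLICY, script),
    both: allowedByAll(policies, script),
  }]));
}

console.table(evaluateSamples());
```

The second row is the load only the allowlist stops, and the third is the one only the nonce-based policy stops.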