Blink: Intent to Implement and Ship: 'unsafe-hashed-attributes' in CSP3 https://groups.google.com/a/chromium.org/d/msg/blink-dev/bUAhkdsrmqE/nimnFDG3BAAJ …
-
-
How do you know that this is used only on static pages?
-
You don't know for sure, developers can always get things wrong for any feature, security or otherwise. Guidance in the spec usually helps.
-
How does backwards compatibility work? If the browser does not support the keyword, wouldn't the page break with such a policy?
-
Yes, it's not backwards compatible and you'd have to do UA sniffing to only deliver this to supporting browsers; see https://github.com/w3c/webappsec-csp/issues/147 …
-
Sorry, bad link above (though it's relevant for an earlier part of the discussion so I'm keeping it). This one: https://github.com/w3c/webappsec-csp/pull/247 …