Talk to @arturjanc.
You don't know for sure, developers can always get things wrong for any feature, security or otherwise. Guidance in the spec usually helps.
-
-
How does backwards compatibility work? If the browser does not support the keyword, wouldn't the page break with such a policy.
-
Yes, it's not backwards compatible and you'd have to do UA sniffing to only deliver this to supporting browsers; seehttps://github.com/w3c/webappsec-csp/issues/147 …
-
Sorry, bad link above (though it's relevant for an earlier part of the discussion so I'm keeping it). This one:https://github.com/w3c/webappsec-csp/pull/247 …
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.