'strict-dynamic' pros: what's the best way to create a client-side generated <iframe> that works with strict csp? I'm currently thinking I'm relegated to actually making a network request to a server. :/
-
-
Oh hey I forgot about hashes, thanks!
-
By the way, http://CSP.withgoogle.com mentions a 'csp.nonceUtils.getNonce' closure library, is that public?
End of conversation
New conversation -
-
-
This works great! As expected, Chrome is warning me about document.write, do I have anything to worry about regarding that being deprecated or csp-blocked in the future? Or would that break too many things to be considered? //
@mikewest -
Nothing is forever, but `document.write()` is depended on pretty widely. `srcdoc` is more performant, if you really need to turn a string into HTML.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.