Redundancsp ˈɹɪdʌndən̩(t)siː-ɛs-piː 1. The phrase "CSP policy"
Absolutely no argument from me regarding developer confusion, etc. I mean "do the job" in the narrow sense of already supporting those restrictions that we'd want to port to the New Thing (e.g. requiring nonces/hashes to execute scripts).
-
-
Understood. But there is already full support for those in major UAs. Why keep fiddling with the CSP still? Isn't it better to just move on and work on the reboot?
-
I think this is exactly what
@mikewest is suggesting :) The main thing is that "fiddling" with CSP3 results in features which help solve the problems mentioned by @0x6D6172696F (e.g. hashes for event handlers instead of 'unsafe-inline') *and* have a chance of shipping this year.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.