cc me on the crbug plz
-
-
-
No bug yet. If folks are generally happy with https://github.com/w3c/webappsec-subresource-integrity/pull/86 …, I'd file one bug. If not, I'd file a different bug. :)
End of conversation
New conversation -
-
-
Qq - is this related to hash/nonce checks for 3rd party scripts (particularly for tag managers)? And the nonce checks don’t work exactly right thus basically allowing all scripts and not blocking a nonce check fail? (Sorry if mixing up words, thx for your work on CsP)
-
No. At least, if that’s a bug it’s new to me. The bug here is that Chrome is sometimes enforcing integrity matches on inline script blocks (e.g. `<script integrity=…>alert(1);</script>`) when it’s not supposed to (because we never defined that SRI integration).
- 1 more reply
New conversation -
-
-
*hugs*
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.