It's like the CSP: The Good Parts. Most users would be well-served with a policy like `Scripting-Policy: nonce=number-used-once`, and I think even complex deployments can be supported with a limited set of options. We can keep it small and focused, with a clear threat model.
-
-
Show this thread
-
Feedback would be welcome, either here or as issues/PRs filed on the GitHub repository: https://github.com/mikewest/csp-next/ …. Thanks!
Show this thread
End of conversation
New conversation -
-
-
Yes please.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.