@bz_moz regarding CSP disabling `javascript:` links…do bookmarklets *have* to be disabled? no way to distinguish and trust only them?
@getify Maybe, but it's tough: by the time CSP is looking at the load it doesn't know who started it.
-
-
-
@DavidBruant@getify In theory, sure. In practice, Gecko doesn't know that at the point where CSP is enforced. - 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.