Strict, nonce-based CSP now deployed on a good portion of http://Postmates.com . Yay!
-
Well done! :)
We recently deployed Strict, nonce based CSP to Cloudflare dash as well :) We use an intermediary like Cloudflare Workers to do the job. But it changes the threat model a little bit. Since it’s react based, we are not worried about reflected html based injections.
-
-
Oh, awesome! Which policy are you using? /cc
@arturjanc@we1x -
content-security-policy: object-src 'none'; script-src 'nonce-MzU2MzQ2NzU5MiwxNDkxOTIxMDU=' 'unsafe-eval' 'strict-dynamic' 'report-sample' https:; base-uri 'self';
- Još 1 odgovor
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.