I've fleshed out the "CSP as compilation target" proposal at https://mikewest.github.io/artur-yes/ , tacking on and formalizing `X-XSS-Protection`. WDYT?
the only place expansion to `object-src: none` is mentioned is in an example block? where is it actually specced?
-
-
: hrm. I probably accidentally dropped that. Pretend that the CSP list algorithm added it; I’ll fox it in a minute.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.