any policy that disallows dynamic evaluation of JS as a "broken legacy feature" is bad imo
-
are you interested @mikewest or know anyone who would be? 2/2
-
I also think the exact nonce approach is probably too hard for small teams, but 1/
-
that's an orthogonal (but still important to me) point. 2/2
-
: Nonces are the first scalably deployable approach we've found at Google, but I agree it's still hard.
@frgx @mikesherov @SlexAxton
-
I'd be happy to start with "nonce for APIs" and try to improve nonces in parallel.