- From: Anne van Kesteren <notifications@github.com>
- Date: Mon, 14 Nov 2022 07:28:12 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/1536/review/1179318873@github.com>
@annevk commented on this pull request.
> + * … Update CSP destinations to CSP Level 3
+ * … Change 'style-src' to 'style-src-elem'
This file should not be changed so please revert these changes.
> @@ -1654,11 +1654,11 @@ not always relevant and might require different behavior.
<code>cursor</code>, CSS' <code>list-style-image</code>, …
<tr>
<td>"<code>audioworklet</code>"
- <td><code>script-src</code>
+ <td><code>script-src-elem</code>
Let's list both, separated by a comma. Also, it seems you forgot the `script-src` for the `script` element below.
> @@ -1678,11 +1678,11 @@ not always relevant and might require different behavior.
<td><code>Federated Credential Management requests</code>
<tr>
<td>"<code>worker</code>"
- <td><code>child-src</code>, <code>script-src</code>, <code>worker-src</code>
+ <td><code>worker-src</code>, <code>script-src</code>, <code>worker-src</code>
Please revert this change. It already lists `worker-src` and it should continue to list `child-src`.
> <td><code>Worker</code>
<tr>
<td>"<code>style</code>"
- <td><code>style-src</code>
+ <td><code>style-src-elem</code>
Let's list both here, as with script, separated by a comma.
--
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1536#pullrequestreview-1179318873
You are receiving this because you are subscribed to this thread.
Message ID: <whatwg/fetch/pull/1536/review/1179318873@github.com>
Received on Monday, 14 November 2022 15:28:25 UTC