On 5/16/2013 9:56 AM, Eduardo' Vela wrote: > Usually ads problems come in the form of iframes redirecting to > different domains rather than scripts. "frame-src *" solves that, doesn't it? May not be as tight a policy as you would like but better than no CSP at all, especially if you can block unsafe-inline. > The result, at least short/medium term is going to be that sites with > ads won't use CSP, not the other way around (ads networks changing their > while business model for us). Sounds like a good market opportunity for Google :-) -Dan Veditz
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC