Re: CSP Transition Tools from Neil Matatall on 2014-01-17 (public-webappsec@w3.org from January 2014)

From: Neil Matatall <neilm@twitter.com>
Date: Fri, 17 Jan 2014 14:15:32 -0800
To: Yoav Weiss <yoav@yoav.ws>
Cc: Frederik Braun <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Dionysis Zindros <dionyziz@gmail.com>
Message-ID: <CAOFLtbgLRPge6b=WDvhXA9A3e_ZqkpSOE99NchVuqZO3jDqEuQ@mail.gmail.com>

We got some pushback from our development teams. A variant of it is in
the works and should be in production some time soonish maybe.
Possibly.

On Fri, Jan 17, 2014 at 2:00 PM, Yoav Weiss <yoav@yoav.ws> wrote:
> On Fri, Jan 17, 2014 at 7:11 PM, Neil Matatall <neilm@twitter.com> wrote:
>>
>> Something like this?
>> http://nmatatal.blogspot.com/2013/09/how-my-script-hash-poc-works.html
>> This hack worked very, very well for rails apps (that don't use the
>> javascript_tag helper)
>
>
> Exactly like this (at least the inline script/style parts).
> Why did it stay in the PoC phase? I'd imagine such a gem to be extremely
> useful for production RoR sites.

Received on Friday, 17 January 2014 22:15:59 UTC