I came across a feature of Chrome in which an image/gif resource gets wrapped in some browser-provided html. This, in combination with CSP being applied to the image response, created a large number of CSP violations. This does not repro on Firefox. Does the spec say anything about CSPs relationship with non-text/html resources? I did not expect the html to be added, but I also did not expect CSP to be applied. I've already put up a patch to stop applying CSP to this resource. Was that the right thing to do? Mike and I are chatting on the chromium bug tracker[1]. What say you? [1] https://code.google.com/p/chromium/issues/detail?can=2&start=0&num=100&q=&colspec=ID%20Pri%20M%20Iteration%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20OS%20Modified&groupby=&sort=&id=380398Received on Wednesday, 4 June 2014 16:30:23 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC