Just had a chat with Marcos on how manifests want to use CSP. It came up that while data;, blob:, etc. are effectively unsafe-inline, we don't have a way to treat them with hash-source. If I want to allow a specific data: uri but not all data: uris, I need to repeat the whole blob in my CSP. Is it worthwhile (for v.Next) to specify a way to take the hash of GUID-type uris? -BradReceived on Tuesday, 28 October 2014 23:00:54 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:41 UTC