- From: Mike West <mkwst@google.com>
- Date: Fri, 12 Jun 2015 16:08:00 +0200
- To: Andrea Giammarchi <andrea.giammarchi@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Friday, 12 June 2015 14:08:49 UTC
That sounds like a problem. :) What browsers do you see this in? Would you mind filing a bug at https://github.com/w3c/webappsec/issues/new?title=CSP: and I'll figure out whether the spec's wrong or the browsers are wrong (and then fix the spec either way, since browsers are shipping, and it's just a document... :) ). -mike -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Wed, Jun 10, 2015 at 11:23 AM, Andrea Giammarchi < andrea.giammarchi@gmail.com> wrote: > This page used to work: > http://webreflection.github.io/DOMContentLoaded/example.html > > now it fails. > > The example using sha512 in here also fails: > http://www.w3.org/TR/CSP/#script-src-hash-usage > > if you use the sha256 version of the alert it fails too. > > Have inline behavior changed and the documentation needs some update or > it's just my array of browsers that suddenly won't work anymore with CSP > scripts? > > Thank you in advance for any sort of clarification. >
Received on Friday, 12 June 2015 14:08:49 UTC