Hello All,
Recently found limitation of current CSP implementation [1]
Note: connect-src 'self' does not resolve to websocket schemas in all
browsers, more info: https://github.com/w3c/webappsec-csp/issues/7
I believe this should be addressed or at least documented
(Seems to fail in Safari
Hello All,
it seem it was false alarm
sorry for the noise :(
On Tue, 24 Mar 2020 at 15:19, Maxim Solodovnik wrote:
> Hmmm,
>
> I'll check.
> The errors are definitely in DevTools (I'm using report-only CSP)
> Not sure if it is first or second time
> Will double-check and report back
>
> On
Hmmm,
I'll check.
The errors are definitely in DevTools (I'm using report-only CSP)
Not sure if it is first or second time
Will double-check and report back
On Tue, 24 Mar 2020 at 15:17, Emond Papegaaij wrote:
>
> Hi Maxim,
>
> Are you sure? I just tried the examples and CSS resources do have
>
Hi Maxim,
Are you sure? I just tried the examples and CSS resources do have
nonces. Maybe you're seeing the same errors as I when opening the dev
tools? Somehow Chrome is unable to load the css resources in the dev
tools when the dev tools are opened after loading the page. After a
refresh, it's
Hello All,
just found regression with CSP
nonce for CSS resources seems to be not added, which results security errors
Can it be caused by latest code optimizations?
--
WBR
Maxim aka solomax