Jean-Marc Desperrier wrote:
> In fact a solution could be that every time the browser rejects
> downloading a resource due to CSP rules, it spits out a warning on the
> JavaScript console together with the minimal CSP authorization that
> would be required to obtain that resource.
> This could help authors to write the right declarations without
> understanding much about CSP.

Announcing rejected resources is an important part of the plan. The spec has a reportURI for just this reason, and the Mozilla implementation will also echo errors to the Error Console.
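
Added example, not part of the original thread or of Mozilla's implementation: the idea quoted above (deriving the minimal authorization from each rejection) applied to reports collected at a report URI. It assumes the JSON report body that browsers send today (`csp-report` with `blocked-uri`, `violated-directive`, `effective-directive`, `document-uri`); the function names, hosts and sample reports are constructed for illustration.

```javascript
// Added example, not Mozilla's code. Assumes the JSON body current browsers
// POST to a report-uri endpoint: {"csp-report": {...}}.
const SCHEME_ONLY = new Set(["data", "blob", "filesystem", "mediastream"]);

function originOf(uri) {
  try { return new URL(uri).origin; } catch { return null; }
}

// Narrowest source expression that would have allowed the blocked resource.
// source === null means "do not auto-allow" (inline script, eval, unknown).
function minimalSource(report) {
  const body = report["csp-report"] || {};
  // violated-directive may carry the whole directive text; keep the name only.
  const directive = (body["effective-directive"] ||
    body["violated-directive"] || "").trim().split(/\s+/)[0];
  const blocked = body["blocked-uri"] || "";
  if (!directive || !blocked) return null;
  if (!blocked.includes(":")) { // keyword such as "inline", "eval", "data"
    return { directive, source: SCHEME_ONLY.has(blocked) ? `${blocked}:` : null };
  }
  const origin = originOf(blocked);
  if (origin === null) return null; // unparseable URI: ignore the report
  if (origin === "null") return { directive, source: new URL(blocked).protocol };
  if (origin === originOf(body["document-uri"])) return { directive, source: "'self'" };
  return { directive, source: origin };
}

// Collapse many reports into one line per directive plus a review list.
function suggestAdditions(reports) {
  const byDirective = new Map();
  const needsReview = [];
  for (const m of reports.map(minimalSource)) {
    if (!m) continue;
    if (m.source === null) { needsReview.push(m.directive); continue; }
    if (!byDirective.has(m.directive)) byDirective.set(m.directive, new Set());
    byDirective.get(m.directive).add(m.source);
  }
  const lines = [...byDirective]
    .map(([name, sources]) => `${name} ${[...sources].sort().join(" ")}`).sort();
  return { lines, needsReview };
}

// Constructed sample reports (hypothetical hosts).
const page = "https://app.example/page";
const rpt = (d, b) => ({ "csp-report": { "document-uri": page, "violated-directive": d, "blocked-uri": b } });
const SAMPLE_REPORTS = [
  rpt("img-src 'self'", "https://cdn.example/img/logo.png"), rpt("img-src 'self'", "data"),
  rpt("img-src 'self'", "https://cdn.example/img/banner.png"), rpt("script-src 'self'", "inline"),
  rpt("script-src 'self'", "https://static.example:8443/lib.js"), rpt("font-src 'none'", "https://app.example/fonts/a.woff"),
];
console.log(suggestAdditions(SAMPLE_REPORTS));
```

Inline-script and eval violations are returned in `needsReview` rather than turned into an allowance, since the only source expressions that would permit them widen the policy for the whole page.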