sgammon commented on issue #876: Content Security Policy support. URL: https://github.com/apache/incubator-pagespeed-mod/issues/876#issuecomment-551215973 hey @oschaaf, i wanted to just check in on this issue really quick. we are noticing some major challenges with Pagespeed and CSP. in particular: 1) PS does not seem to honor nonces issued via the origin, and embedded in the page 2) PS does not seem to understand CSP2.0/3.0, and consequently embeds violating scripts since PS is acting on behalf of the origin in a trusted manner, why can't it just inject nonces that match any present nonce value, for scripts it adds to the page? in any case, this is enough of a challenge for us right now that it's pagespeed _or_ CSP, which is a lame decision to have to make. if i can help with diagnosis or PRs at all, i would be happy to contribute.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
