Re: [fossil-users] Content-Security-Policy Was: Fossil README symlink

2017-10-18 Thread Warren Young
On Oct 18, 2017, at 8:51 AM, Andy Goth wrote:
>
> style-$hash2.css where $hash2 is a hash (or prefix thereof)
> of the contents of style.css, possibly combined with the Fossil checkin
> prefix.

If style.css is stored as a Fossil artifact, we get that for free. If it’s stored in SQL, Fossil coul

Re: [fossil-users] Content-Security-Policy Was: Fossil README symlink

2017-10-18 Thread Andy Goth
On 10/18/17 09:46, Warren Young wrote: On Oct 18, 2017, at 8:27 AM, Warren Young wrote: On Oct 18, 2017, at 7:04 AM, Richard Hipp wrote: I'll have to add a "/fossil.js" resource While you’re about it, I’d suggest shipping /fossil-$hash.js instead and setting a multi-year Expires header for

Re: [fossil-users] Content-Security-Policy Was: Fossil README symlink

2017-10-18 Thread Warren Young
On Oct 18, 2017, at 8:27 AM, Warren Young wrote: > > On Oct 18, 2017, at 7:04 AM, Richard Hipp wrote: >> I'll have to add a "/fossil.js" resource While you’re about it, I’d suggest shipping /fossil-$hash.js instead and setting a multi-year Expires header for the file so that it only has to be

Re: [fossil-users] Content-Security-Policy Was: Fossil README symlink

2017-10-18 Thread Javier Guerra Giraldez
On 18 October 2017 at 15:32, Stephan Beal wrote:
> LOL. Turing and his silly Test - that's why we can't have nice things.

nitpicking: it's not about the test, but about the completeness (AKA the halting problem)

-- Javier

Re: [fossil-users] Content-Security-Policy Was: Fossil README symlink

2017-10-18 Thread Stephan Beal
On Wed, Oct 18, 2017 at 4:27 PM, Warren Young wrote:
> If you have any Ajax calls back to the remote fossil executable and they
> ship back

Re: [fossil-users] Content-Security-Policy Was: Fossil README symlink

2017-10-18 Thread Warren Young
On Oct 18, 2017, at 7:04 AM, Richard Hipp wrote:
>
> On 10/18/17, Warren Young wrote:
>> On Oct 18, 2017, at 3:44 AM, Warren Young wrote:
>>>
>>> The more web apps that ship with stringent Content-Security-Policy
>>> headers, the fewer arguments we’ll have for allowing JS on web pages.
>
> I'

Re: [fossil-users] Content-Security-Policy Was: Fossil README symlink

2017-10-18 Thread Richard Hipp
On 10/18/17, Lonnie Abelbeck wrote:
>
> Doesn't HTTPS solve this problem?
>

HTTPS solves a different problem. See https://content-security-policy.com/presentations/ for some presentations that describe the problem that CSP solves.

-- D. Richard Hipp d...@sqlite.org

Re: [fossil-users] Content-Security-Policy Was: Fossil README symlink

2017-10-18 Thread Lonnie Abelbeck
On Oct 18, 2017, at 8:04 AM, Richard Hipp wrote:
> On 10/18/17, Warren Young wrote:
>> On Oct 18, 2017, at 3:44 AM, Warren Young wrote:
>>>
>>> The more web apps that ship with stringent Content-Security-Policy
>>> headers, the fewer arguments we’ll have for allowing JS on web pages.
>
> I'd

Re: [fossil-users] Content-Security-Policy Was: Fossil README symlink

2017-10-18 Thread Stephan Beal
On Wed, Oct 18, 2017 at 3:04 PM, Richard Hipp wrote:
> as

[fossil-users] Content-Security-Policy Was: Fossil README symlink

2017-10-18 Thread Richard Hipp
On 10/18/17, Warren Young wrote:
> On Oct 18, 2017, at 3:44 AM, Warren Young wrote:
>>
>> The more web apps that ship with stringent Content-Security-Policy
>> headers, the fewer arguments we’ll have for allowing JS on web pages.

I'd never heard of Content-Security-Policy before. A quick scan s