- #ContentSecurityPolicy is great (and surprisingly straightforward) when targeting a single version. But crafting a policy which is as strict as possible *and* backwards compatible with older browsers is a real nightmare and adds a lot of complexity.
- I wonder if things would be easier if we had multiple policies for different versions. For example, what if we wrote separate v1, v2, and v3 policies, then the browser just picked the latest one it supported? That would remove a lot of the weird compatibility behavior.
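
The compatibility behavior the posts refer to, as an added example that is not part of the original posts: a simplified JavaScript model of which `script-src` source expressions a CSP Level 1, 2 or 3 browser acts on when all three are served the same backward-compatible policy. The nonce value is a constructed placeholder and `effectiveScriptSrc` is a hypothetical helper name; the model covers only the fallback rules for nonces, hashes, `'strict-dynamic'` and `'unsafe-inline'`.

```javascript
// Added illustration: simplified model of script-src fallback, not a full CSP parser.
const isNonceOrHash = (s) => /^'(nonce-|sha(256|384|512)-)/.test(s);
const isKeyword = (s) => s.startsWith("'");

// Returns the source expressions a browser at the given CSP level acts on.
function effectiveScriptSrc(policy, level) {
  let kept = policy.trim().split(/\s+/).slice(1); // drop the directive name

  // Expressions the browser does not recognise are ignored.
  if (level < 2) kept = kept.filter((s) => !isNonceOrHash(s));
  if (level < 3) kept = kept.filter((s) => s !== "'strict-dynamic'");

  const hasNonceOrHash = kept.some(isNonceOrHash);
  const strictDynamic = kept.includes("'strict-dynamic'");

  // CSP2 and later: a recognised nonce or hash makes 'unsafe-inline' ignored.
  if (hasNonceOrHash) kept = kept.filter((s) => s !== "'unsafe-inline'");

  // CSP3: 'strict-dynamic' makes host sources, scheme sources,
  // 'self' and 'unsafe-inline' ignored.
  if (strictDynamic) {
    kept = kept.filter(
      (s) => isKeyword(s) && s !== "'self'" && s !== "'unsafe-inline'"
    );
  }
  return kept;
}

// Constructed sample policy; the nonce is a placeholder, not a real value.
const POLICY =
  "script-src 'nonce-PLACEHOLDER' 'strict-dynamic' https: 'unsafe-inline'";

for (const level of [1, 2, 3]) {
  console.log(`CSP${level}:`, effectiveScriptSrc(POLICY, level).join(" "));
}
```

The same header ends up as three different effective policies, with the Level 1 fallback being the weakest of them.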