@mikewest
Feedback would be welcome, either here or as issues/PRs filed on the GitHub repository: github.com/mikewest/csp-n…. Thanks!
Mike West
@mikewest
8 Jan
I took some time to sketch out `Scripting-Policy` in a little more detail: mikewest.github.io/csp-next/scrip…. I'm starting to think it might actually not be a terrible idea. twitter.com/mikewest/statu…
Mike West
@mikewest
8 Jan
It's like the CSP: The Good Parts. Most users would be well-served with a policy like `Scripting-Policy: nonce=number-used-once`, and I think even complex deployments can be supported with a limited set of options. We can keep it small and focused, with a clear threat model.