Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
I think it would be nice if I could look for the individual directive and see which browser they apply to. I.e. I could search for new Level 3 individual directive like script-src-elem.
The text was updated successfully, but these errors were encountered:
Sorry, something went wrong.
It'd be helpful if we could list which CSP directives were introduced after the initial level 3 specification was released.
Some new directives are:
script-src-attr, script-src-elem, style-src-attr, style-src-elem, prefetch-src, strict-dynamic, unsafe-hashes (renamed from unsafe-hashed-attributes, Chrome status: https://www.chromestatus.com/feature/5867082285580288):
Proposed directives: wasm-unsafe-eval (renamed from wasm-eval), webrtc-src and trusted-types (relates to: #4787).
For reference, here's other issues related to individual CSP directives support:
wasm-unsafe-eval is supposedly in Chrome 97. It was also implemented in WebKit in February, but I can't see a Safari release tag that applies to the commit. It may be in iOS 15.4/Mac OS X 10.15.6, which have not yet been tagged, or a later release.
No branches or pull requests