Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
CSP header format dependent on user agent #16
Using the correct format is essential for the browser to accept the CSP.
Apologies, the commit I based the pull request on was the second last! All debugging was removed in the final commit. I'll update the pull request tomorrow when I'm back at work.
-------- Original Message --------
Also do we have any test cases / policies or something for each of these so I can test quick?
Reply to this email directly or view it on GitHub:
Sent from my Android device with K-9 Mail. Please excuse my brevity.
No worries, thanks for your help on making this a better library. CSP
Rene Hamburger wrote:
I've amended the original commit as my final changes added very little new content.
I haven't got any test cases, I've only been testing it with our setup and a few browsers (in particular the current and older Firefox versions).
As you'll see in the code, older Firefox browsers (v.4-22) handle the following directives differently:
If you're able to test with FF22 or older you should include some of these options.
I'm not aware of any of the other CSP-compatible browsers departing from what is now defined in the CSP 1.0 specs. So for them the only difference is the title of the header-field.