You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to CSP Level 2, 'unsafe-inline' in 'script-src' or 'style-src' will be ignored if a hash or nonce source is used. This is quite convenient as one can maintain backwards compatibility without sacrificing security in modern user agents. Observatory no longer shows a warning for this in the case of 'script-src' since Issue #88 has been closed, but in 'style-src' it still does.
The text was updated successfully, but these errors were encountered:
fmeum
added a commit
to fmeum/http-observatory
that referenced
this issue
Oct 21, 2017
According to CSP Level 2, 'unsafe-inline' in 'script-src' or 'style-src' will be ignored if a hash or nonce source is used. This is quite convenient as one can maintain backwards compatibility without sacrificing security in modern user agents. Observatory no longer shows a warning for this in the case of 'script-src' since Issue #88 has been closed, but in 'style-src' it still does.
The text was updated successfully, but these errors were encountered: