Please sign in to comment.
issue: iFrame Single Quotes
It's all about the single quotes baby! Apparently I can't read; the single quotes are only meant for word options such as `'self'` and `'none'`. When adding single quotes to the `<host-source>` options it takes them literally…too literally. For example, if your options are `'localhost:80 localhost:8080 localhost:8000'` then `'localhost:80` and `localhost:8000'` will be seen as "invalid" due to the single quotes. This removes the single quotes from every line that sets the CSP so all options are valid. This also adds single quotes around the `self` option so it stays valid as well.
- Loading branch information...