Describe the bug
A strict Content-Security-Policy looks like this:
This prevents execution of inline scripts and styles which WriteFreely uses.
Steps to reproduce (if necessary)
WriteFreely should be CSP-friendly and fully work with a strict CSP enabled. This would reduce attack surface for things like XSS.
We currently have to include
Version or last commit: v0.12.0-2-g037fc40
Note: that goes against other recommendations of reducing the number of HTTP requests for the sake of performance.
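
As an added example (not part of the original issue and not WriteFreely's code), the Go sketch below lists the inline constructs that a policy without `'unsafe-inline'` blocks, so templates can be audited before the header is enforced. It goes slightly beyond the report's "inline scripts and styles" by also flagging `style` attributes and `on*` handlers, which are blocked the same way. `ScanTemplate`, `Finding` and the sample template are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one construct that a CSP without 'unsafe-inline' blocks.
type Finding struct {
	Line int
	Kind string
}

var (
	tagRe     = regexp.MustCompile(`(?i)<([a-z][a-z0-9]*)\b([^>]*)>`)
	srcRe     = regexp.MustCompile(`(?i)(^|\s)src\s*=`)
	styleRe   = regexp.MustCompile(`(?i)(^|\s)style\s*=`)
	handlerRe = regexp.MustCompile(`(?i)(^|\s)on[a-z]+\s*=`)
)

// ScanTemplate is a regex heuristic (hypothetical helper): a '>' inside an
// attribute value ends the tag early, so treat the output as an audit list.
func ScanTemplate(src string) []Finding {
	var out []Finding
	for _, m := range tagRe.FindAllStringSubmatchIndex(src, -1) {
		line := 1 + strings.Count(src[:m[0]], "\n")
		name, attrs := strings.ToLower(src[m[2]:m[3]]), src[m[4]:m[5]]
		add := func(hit bool, kind string) {
			if hit {
				out = append(out, Finding{line, kind})
			}
		}
		add(name == "script" && !srcRe.MatchString(attrs), "inline-script")
		add(name == "style", "inline-style-block")
		add(styleRe.MatchString(attrs), "style-attribute")
		add(handlerRe.MatchString(attrs), "event-handler")
	}
	return out
}

// sample is a constructed template, not taken from WriteFreely.
const sample = `<script src="/js/app.js"></script>
<style>body { margin: 0 }</style>
<script>init({{.Config}});</script>
<a href="#" onclick="go()" style="color:red">x</a>`

func main() {
	fmt.Println(ScanTemplate(sample))
}
```

Each finding has to move to an external file served from an allowed origin, or be otherwise authorised by the policy, before the strict header can be turned on without breaking the page.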