Devdatta Akhawe
unread,Feb 18, 2015, 12:32:46 PM2/18/15Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Craig Francis, Joel Weinberger, security-dev, Devdatta Akhawe
Hey
Yeah, the source-file directive works well, but only seems to come up
when inline scripts/styles are blocked.
This is exactly the sort of knowledge that should be available
somewhere and my suggestion to Joel was basically that similar to how
the Chrome team is evangelizing HTTPS everywhere, it is also in the
perfect position to evangelize this knowledge for CSP adoption. I am
also hoping to compile together some of the things I have learnt and
post them somewhere soon.
cheers
Dev