CSP double policies enable setups that are not possible with just one CSP. When a browser sees a response with multiple CSP headers (or a single CSP header split via commas ","), the browser will enforce all those policies.
One common use case here is to support `strict-dynamic` with nonces and a URI allowlist, which isn't possible with a single `script-src` directive.
There's more information in this talk: https://youtu.be/_L06HetskC4?t=1754.
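A simplified model of the enforcement rule described above, as an added example that is not part of the original issue or the project's code: it compares one combined `script-src` with two policies for external scripts. The policy strings, nonce, hosts and function names are constructed for illustration, and the matcher ignores `'self'`, wildcards, paths, hashes and `default-src`.

```javascript
// Simplified model of CSP3 script-src checks for external scripts only.
// Not a full implementation: no 'self', wildcards, paths, hashes or default-src.

// A comma-separated header value carries several policies, same as several headers.
function parsePolicies(headerValues) {
  return headerValues.flatMap(v => v.split(',')).map(p => p.trim()).filter(Boolean);
}

function parseScriptSrc(policy) {
  const directive = policy.split(';').map(d => d.trim().split(/\s+/))
    .find(tokens => tokens[0].toLowerCase() === 'script-src');
  if (!directive) return null; // this policy does not restrict scripts
  const sources = directive.slice(1);
  return {
    nonces: sources.filter(s => /^'nonce-.+'$/.test(s)).map(s => s.slice(7, -1)),
    strictDynamic: sources.includes("'strict-dynamic'"),
    origins: sources.filter(s => !s.startsWith("'")),
  };
}

// script: { url, nonce, parserInserted }; parserInserted=false means a running
// script added the element (the case 'strict-dynamic' trusts).
function policyAllows(policy, script) {
  const src = parseScriptSrc(policy);
  if (src === null) return true;
  if (script.nonce && src.nonces.includes(script.nonce)) return true;
  if (src.strictDynamic) return !script.parserInserted; // host sources are ignored
  return src.origins.includes(new URL(script.url).origin);
}

// The browser enforces every policy: one refusal blocks the load.
function browserAllows(headerValues, script) {
  return parsePolicies(headerValues).every(p => policyAllows(p, script));
}

// Constructed sample values.
const SINGLE = ["script-src 'nonce-abc123' 'strict-dynamic' https://cdn.example"];
const DOUBLE = ["script-src 'nonce-abc123' 'strict-dynamic', script-src https://cdn.example"];
const injectedOffList = { url: 'https://other.example/x.js', nonce: null, parserInserted: false };
const injectedOnList = { url: 'https://cdn.example/lib.js', nonce: null, parserInserted: false };
const noncedOnList = { url: 'https://cdn.example/app.js', nonce: 'abc123', parserInserted: true };

console.log('single, off-list injected:', browserAllows(SINGLE, injectedOffList));
console.log('double, off-list injected:', browserAllows(DOUBLE, injectedOffList));
console.log('double, on-list injected: ', browserAllows(DOUBLE, injectedOnList));
console.log('double, on-list nonced:   ', browserAllows(DOUBLE, noncedOnList));
```

In the single policy the host entry is ignored once `'strict-dynamic'` is present, so the allowlist only takes effect when it sits in a second policy.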