discourse

History

David Taylor 767b49232e FIX: Omit CSP nonce and hash values when unsafe-inline enabled (#25590 ) Browsers will ignore unsafe-inline if nonces or hashes are included in the CSP. When unsafe-inline is enabled, nonces and hashes are not required, so we can skip them. Our strong recommendation remains that unsafe-inline should not be used in production.	2024-02-07 12:35:35 +00:00
..
builder_spec.rb	FIX: Omit CSP nonce and hash values when unsafe-inline enabled (#25590 )	2024-02-07 12:35:35 +00:00

FIX: Omit CSP nonce and hash values when unsafe-inline enabled (#25590 )

Browsers will ignore unsafe-inline if nonces or hashes are included in the CSP. When unsafe-inline is enabled, nonces and hashes are not required, so we can skip them.

Our strong recommendation remains that unsafe-inline should not be used in production.

2024-02-07 12:35:35 +00:00

builder_spec.rb

FIX: Omit CSP nonce and hash values when unsafe-inline enabled (#25590 )

2024-02-07 12:35:35 +00:00