Scheme REPL again and Issue with guide to macros
Jakub T. Jankiewicz
(21 Nov 2021 23:05 UTC)
|
Re: Scheme REPL again and Issue with guide to macros
Vasilij Schneidermann
(22 Nov 2021 12:05 UTC)
|
Re: Scheme REPL again and Issue with guide to macros
Jakub T. Jankiewicz
(22 Nov 2021 12:27 UTC)
|
Re: Scheme REPL again and Issue with guide to macros
Vasilij Schneidermann
(22 Nov 2021 14:58 UTC)
|
Re: Scheme REPL again and Issue with guide to macros
Lassi Kortela
(24 Nov 2021 12:15 UTC)
|
Re: Scheme REPL again and Issue with guide to macros Vasilij Schneidermann (24 Nov 2021 12:52 UTC)
|
Guide to macros
Lassi Kortela
(24 Nov 2021 12:32 UTC)
|
Re: Guide to macros
Jakub T. Jankiewicz
(24 Nov 2021 14:00 UTC)
|
Re: Scheme REPL again and Issue with guide to macros Vasilij Schneidermann 24 Nov 2021 12:52 UTC
Hello Lassi, > https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri > claims the feature is deprecated. Yeah, the intention is to replace it with `report-to`, however that is only supported by Chrome and its derivatives. You'd need to use both for significant coverage. > Indeed different subdomains can (and in some cases, clearly should) have > different headers. E.g. https://github.com/schemeorg/linux-configurations/blob/a6d132ad114160171f0d281d64ed787069b703e9/nginx.scm#L340 > > For Jakub's use case (hosting static files such as JS, CSS, fonts) could we > make a subdomain like "assets.scheme.org", and set the CSP for all the other > scheme.org subdomains so that they can read from "assets"? Sounds good to me. That should be a matter of adding `script-src https://assets.scheme.org`. Vasilij