Re: Scheme REPL again and Issue with guide to macros

Show/hide message thread

Scheme REPL again and Issue with guide to macros Jakub T. Jankiewicz (21 Nov 2021 23:05 UTC)

Re: Scheme REPL again and Issue with guide to macros Vasilij Schneidermann (22 Nov 2021 12:05 UTC)

Re: Scheme REPL again and Issue with guide to macros Jakub T. Jankiewicz (22 Nov 2021 12:27 UTC)

Re: Scheme REPL again and Issue with guide to macros Vasilij Schneidermann (22 Nov 2021 14:58 UTC)

Re: Scheme REPL again and Issue with guide to macros Lassi Kortela (24 Nov 2021 12:15 UTC)

Re: Scheme REPL again and Issue with guide to macros Vasilij Schneidermann (24 Nov 2021 12:52 UTC)

Guide to macros Lassi Kortela (24 Nov 2021 12:32 UTC)

Re: Guide to macros Jakub T. Jankiewicz (24 Nov 2021 14:00 UTC)

Re: Scheme REPL again and Issue with guide to macros Vasilij Schneidermann 24 Nov 2021 12:52 UTC

Show/hide attachments

Hello Lassi,

> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri
> claims the feature is deprecated.

Yeah, the intention is to replace it with `report-to`, however that is
only supported by Chrome and its derivatives. You'd need to use both for
significant coverage.

> Indeed different subdomains can (and in some cases, clearly should) have
> different headers. E.g. https://github.com/schemeorg/linux-configurations/blob/a6d132ad114160171f0d281d64ed787069b703e9/nginx.scm#L340
>
> For Jakub's use case (hosting static files such as JS, CSS, fonts) could we
> make a subdomain like "assets.scheme.org", and set the CSP for all the other
> scheme.org subdomains so that they can read from "assets"?

Sounds good to me. That should be a matter of adding `script-src
https://assets.scheme.org`.

Vasilij