CSP Jakub T. Jankiewicz (06 Aug 2022 13:55 UTC)
Re: CSP Arthur A. Gleckler (08 Aug 2022 18:28 UTC)
Re: CSP Jakub T. Jankiewicz (08 Aug 2022 20:00 UTC)
Re: CSP Arthur A. Gleckler (08 Aug 2022 20:14 UTC)
Re: CSP Vasilij Schneidermann (08 Aug 2022 20:47 UTC)
Re: CSP Arthur A. Gleckler (03 Oct 2022 21:14 UTC)
Re: CSP Jakub T. Jankiewicz (19 Jan 2023 14:04 UTC)
Re: CSP Magnus Ahltorp (19 Jan 2023 19:50 UTC)
Re: CSP Jakub T. Jankiewicz (19 Jan 2023 20:10 UTC)

CSP Jakub T. Jankiewicz 06 Aug 2022 13:55 UTC

I'm just wondering if you maybe can relax some of the CSP rules you have on
the site. Scheme.org don't have any user generate content, it doesn't have
any user input. CSP was mostly to prevent XSS and other similar attacks.
There is not need for such a thing for website like scheme.org.

I'm asking this because I can't run my bookmarklet that create Scheme REPL.

https://lips.js.org/#bookmark

I use only one Domain https://cdn.jsdelivr.net it's CDN (Content Delivery
Network[1]) for files from NPM package registry for JavaScript packages.

[1]: https://en.wikipedia.org/wiki/Content_delivery_network

--
Jakub T. Jankiewicz, Senior Front-End Developer
https://jcubic.pl/me