|
CSP Jakub T. Jankiewicz (06 Aug 2022 13:55 UTC)
|
|
Re: CSP
Arthur A. Gleckler
(08 Aug 2022 18:28 UTC)
|
|
Re: CSP
Jakub T. Jankiewicz
(08 Aug 2022 20:00 UTC)
|
|
Re: CSP
Arthur A. Gleckler
(08 Aug 2022 20:14 UTC)
|
|
Re: CSP
Vasilij Schneidermann
(08 Aug 2022 20:47 UTC)
|
|
Re: CSP
Arthur A. Gleckler
(03 Oct 2022 21:14 UTC)
|
|
Re: CSP
Jakub T. Jankiewicz
(19 Jan 2023 14:04 UTC)
|
|
Re: CSP
Magnus Ahltorp
(19 Jan 2023 19:50 UTC)
|
|
Re: CSP
Jakub T. Jankiewicz
(19 Jan 2023 20:10 UTC)
|
CSP Jakub T. Jankiewicz 06 Aug 2022 13:55 UTC
I'm just wondering if you maybe can relax some of the CSP rules you have on the site. Scheme.org don't have any user generate content, it doesn't have any user input. CSP was mostly to prevent XSS and other similar attacks. There is not need for such a thing for website like scheme.org. I'm asking this because I can't run my bookmarklet that create Scheme REPL. https://lips.js.org/#bookmark I use only one Domain https://cdn.jsdelivr.net it's CDN (Content Delivery Network[1]) for files from NPM package registry for JavaScript packages. [1]: https://en.wikipedia.org/wiki/Content_delivery_network -- Jakub T. Jankiewicz, Senior Front-End Developer https://jcubic.pl/me