Project

General

Profile

« Previous | Next » 

Revision fba4820b

Added by jahoti about 2 years ago

[UNTESTED- will test] Use more nuanced CSP filtering

CSP headers are now parsed and processed, rather than treated as simple
units. This allows us to ensure policies delivered as HTTP headers do not
interfere with our script filtering, as well as to preserve useful protections
while removing the ones that could be problematic. Additionally, prefetching
should now be blocked on pages where native scripts aren't allowed, and
all reporting of CSP violations has been stripped (is this appropriate?).

  • added
  • modified
  • copied
  • renamed
  • deleted