[openstreetmap/openstreetmap-website] Added color preview box in tag browser sidebar (#1779)
notifications at github.com
Mon Mar 19 15:21:02 UTC 2018
But still, CSP has `nonce`s for exactly such purposes to allow some specific use instead of general `unsafe-inline` directive.
And of course, it also depends on the framework's support for CSP and how easy it is to use `nonce`s.
secure_headers gem seems to support this just fine, but as soon as the `nonce` is present in CSP `style-src`, browsers will stop allowing `unsafe-inline`, breaking the styling in such places, so it needs to be done throughout the website at once or have the CSP in report-only mode for a while until all instances are tackled.
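Added example, not part of the original comment or of the project's code: a simplified Ruby model of how a browser treats inline styles once a nonce appears in `style-src`, and what report-only mode changes. It goes slightly beyond the comment by also covering `style="..."` attributes, which a nonce cannot authorize; the policies, the nonce value and the function names are constructed for illustration, and hash sources, `style-src-elem`/`style-src-attr` and `default-src` fallback are not modelled.

```ruby
# Constructed sample policies (not taken from the website's real headers).
LEGACY = "default-src 'self'; style-src 'self' 'unsafe-inline'"
MIXED  = "default-src 'self'; style-src 'self' 'unsafe-inline' 'nonce-abc123'"

# Parse a CSP header value into { "directive" => ["source", ...] }.
def parse_csp(policy)
  policy.split(";").map(&:strip).reject(&:empty?).to_h do |directive|
    name, *sources = directive.split(/\s+/)
    [name.downcase, sources]
  end
end

# kind:  :element for a <style> block, :attribute for style="...".
# nonce: value of the element's nonce attribute, if any.
# Returns :allowed, :blocked, or :reported (violation under report-only).
def inline_style_verdict(policy, kind:, nonce: nil, report_only: false)
  sources = parse_csp(policy)["style-src"]
  return :allowed if sources.nil? # assumption: no fallback modelled

  nonces = sources.filter_map { |s| s[/\A'nonce-(.+)'\z/i, 1] }
  unsafe_inline = sources.any? { |s| s.casecmp?("'unsafe-inline'") }

  allowed =
    if nonces.empty?
      # No nonce in the list: 'unsafe-inline' decides for every inline style.
      unsafe_inline
    else
      # A nonce is present: 'unsafe-inline' is ignored. Only <style>
      # elements carrying a matching nonce pass; attributes never do.
      kind == :element && !nonce.nil? && nonces.include?(nonce)
    end

  return :allowed if allowed
  report_only ? :reported : :blocked
end

if __FILE__ == $PROGRAM_NAME
  cases = [
    [LEGACY, { kind: :attribute }],
    [MIXED,  { kind: :element }],
    [MIXED,  { kind: :element, nonce: "abc123" }],
    [MIXED,  { kind: :attribute }],
    [MIXED,  { kind: :element, report_only: true }]
  ]
  cases.each { |policy, opts| puts "#{opts} -> #{inline_style_verdict(policy, **opts)}" }
end
```

Under report-only the style still renders and the browser only sends a violation report, which is what makes it usable for finding the remaining inline styles before enforcing.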