Commit graph

2 commits

Author SHA1 Message Date
Roeland Jago Douma
c21cee248c
Disallow eval on the StrictEvalCSP
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-07-11 21:12:36 +02:00
Roeland Jago Douma
b38fa573e1
Add stricter CSPs
* Deprecate our default CSP
* Add strict CSP that is always our strictest setting
* Add strict eval CSP (disable unsafe-eval)
* Add strict inline CSP (disables inline styles)

This is just to move forward and have a incremental improvement of our
CSP

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-13 14:47:57 +02:00