Lucas Adamski wrote: > Developers rely on the browser security model in countless ways > already. A fundamental attribute of security models is reliability.
I am not arguing we should make CSP work a random 50% of the time. I am arguing that CSP is not a "security model", it's a "phew, I would have just got stuffed, but it saved me this time" model. Security models are things you rely on. CSP is a second line of defence for when your security model fails, and it doesn't promise to save your ass every time. Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
