This would also allow for testing local files against CSP directives.
---------------------------
"Axel Dahmen" <keentok...@newsgroup.nospam> schrieb im Newsbeitrag
news:q_gdneegtdzj7rfwnz2dnuvz_tidn...@mozilla.org...
I've read through the CSP specs
(https://wiki.mozilla.org/Security/CSP/Spec#Source_Expression_List) and
the
Talk (https://wiki.mozilla.org/Talk:Security/CSP/Spec)...
What I'm missing is a statement about allowing CSP directives in HTML
<meta>
tags.
Use case:
---------
My provider just provides the ability to upload HTML and related content,
but they don't provide an option to manipulate the server's output to any
degree. So configuring HTTP response headers is not possible here.
However,
I want to protect my web pages just like any other. So the only option I
would have to get CSP applied would be through using HTML <meta> tags.
Axel Dahmen
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
