by nailer
3923 days ago
Edit: post below is right, nonces are only for inline scripts https://bugs.webkit.org/show_bug.cgi?id=89577

original: IIRC CSP already has hashes for resources, which also would handle this purpose. As a side note, there's at least one CDN already hosting a fake copy of bootstrap - I've seen a malicious extension loading it in my report-uri.io logs.