Y
Hacker News
new
|
ask
|
show
|
jobs
by
realusername
3923 days ago
you could just add a new public=true option to counter this. I think you can even already check that with an iframe (or js head inject & timing) anyway, no need for CSP for that.
1 comments
riking
3923 days ago
Or require crossorigin="anonymous", maybe in combination with Cache-Control: public.
link