by nsgi 3728 days ago
One reason might be that developers would probably just do the minimum possible CSP rather than following the spirit of it. Unlike with HTTPS, a CSP could be created with the exact same security model as no CSP using directives like unsafe-eval.