by ijpsud 2190 days ago
Correct me if I'm wrong, but couldn't they just save your secret data to localStorage and then send it off when you load another page from the same origin (a page without those headers)? Or does the CSP of one page somehow apply to the whole origin? I'm not up to date on this stuff.