|
|
|
|
|
|
by valenterry
480 days ago
|
|
|
It just warns about all embedded non-same-origin scripts that don't have a hash. > What about scripts that are generated dynamically and have no static hash? Well, then the warning is still valid because this is a security risk. I guess it'd be fine to be able to suppress the warning explicitly in those cases. > There's plenty of reasons why you wouldn't want this. For example? Honestly curious where you would not want a warning by default. |
|
|