by midtake 432 days ago
Why? If you're the content owner, you should be able to. If you factor out inline code, you will likely just trust your own other domain. When everything is a CDN, this can lead to less security, not more.

Do you mean people should be banned from inlining Google Analytics or Meta Pixel or Index Now or whatever, which makes a bunch of XHRs to who knows where? Absolutely!

But nerfing your own page performance just to make everything CSP-compliant is a fool's errand.