Y
Hacker News
new
|
ask
|
show
|
jobs
by
porges
4525 days ago
'inline' is also treated as a separate source. If your policy is 'self' that only means same-origin code is allowed to run, and inline JS is disabled.