Content Security Policy: Difference between revisions

From annawiki
No edit summary
No edit summary
Line 11: Line 11:
==SVG==
==SVG==
*[[Content Security Policy - SVG]] - styles are unsafe-inline in Firefox and Edge
*[[Content Security Policy - SVG]] - styles are unsafe-inline in Firefox and Edge
==form-action==
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/form-action
Redirect blocking
* Firefox 57 doesn't block
* Chrome 63 does block

Revision as of 2018-02-20T17:33:06

MediaWiki

Failing on simple lists, no bullet points shown:

  • line one
  • line two

PDF in Chrome

https://bugs.chromium.org/p/chromium/issues/detail?id=271452

object-source:none and PDF will not be shown in Chrome

SVG

form-action

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/form-action Redirect blocking

  • Firefox 57 doesn't block
  • Chrome 63 does block