You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Are nonces going to be added to CSPs deployed in origin manifest ? If so, will there be a mechanism for the browser to refresh the nonces in the origin-CSP and the nonces in the script tags of webpages where the CSP is applied ? If not, is it better rather deploy an additional nonced-CSP to webpages (as a header), in addition to the origin-CSP without nonces added to the manifest ?
The text was updated successfully, but these errors were encountered:
Considering that Origin Policies are meant to be cached and re-used across requests, and nonces become worse than useless if reused across requests, I don't see how you could use nonces in an origin policy.
Are nonces going to be added to CSPs deployed in origin manifest ? If so, will there be a mechanism for the browser to refresh the nonces in the origin-CSP and the nonces in the script tags of webpages where the CSP is applied ? If not, is it better rather deploy an additional nonced-CSP to webpages (as a header), in addition to the origin-CSP without nonces added to the manifest ?
The text was updated successfully, but these errors were encountered: