CSP: Ignore strict-dynamic for sources that are not scripts
The Content-Security-Policy source expression 'strict-dynamic' should only apply to scripts: https://w3c.github.io/webappsec-csp/#allow-all-inline Previously, we where applying it to all kind of sources. This fixes it. Bug: 694525, 651742 Change-Id: Ie92f45665b6b78902f6b511441a5096b9d93d135 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2203197 Commit-Queue: Antonio Sartori <antoniosartori@chromium.org> Reviewed-by:Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#835154}
Showing
Please register or sign in to comment