CSP implementation has been updated for the final spec

Published: | Categories: Privacy & Security

Description

Content Security Policy (CSP) 1.0 spec has been implemented. The existing parser will be used when a policy is served via the X-Content-Security-Policy header, and the new parser that follows the 1.0 spec will be used when a policy is served via the officially spec’d Content-Security-Policy header. See the post on the Mozilla Security Blog for details. Consult the latest spec if you’d like to implement CSP on your site. The documents on MDN will be updated sometime soon.

References