content-security-policy
content-security-policy copied to clipboard
WebAssembly
My understanding is that [Firefox](https://bugzilla.mozilla.org/show_bug.cgi?id=1740263) has implemented wasm-unsafe-eval, and [Chrome](https://chromestatus.com/feature/5499765773041664) has as well. What else is remaining so that this proposal can advance to phase 4?
With the current proposal, it appears to be impossible to benefit from `wasm-unsafe-eval` through progressive enhancement. For maximum browser compatibility, `unsafe-eval` is still required and due to > If the...
Currently with `wasm-unsafe-eval` there is no distinction between Wasm being executed from a trusted source versus Wasm being executed from an untrusted source. One of the primary features of CSP...
In the current specification, [it's mentioned](https://www.w3.org/TR/CSP3/#wasm-integration) that WebAssembly is only integrated with the `unsafe-eval` and `wasm-unsafe-eval` stanza for `script-src`. Separately, there is also a mode of CSP known as [`strict-dynamic`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#strict-dynamic)...
