SecureHeaders Don't warn for 'unsafe-inline' if hash or nonce present in applicable directive

Don't warn for 'unsafe-inline' if hash or nonce present in applicable directive

Open aidantwoods opened this issue 7 years ago • 0 comments

E.g.

https://www.w3.org/TR/CSP2/#directive-script-src

If 'unsafe-inline' is not in the list of allowed script sources, or if at least one nonce-source or hash-source is present in the list of allowed script sources:[...]

As mentioned in #71.

Jan 22 '18 11:01 aidantwoods

SecureHeaders SecureHeaders copied to clipboard

Don't warn for 'unsafe-inline' if hash or nonce present in applicable directive

SecureHeaders
SecureHeaders copied to clipboard