-
Spin off from #468.
Alex:
> I a conversation I had with @metromoxie makes me think we should also add a special none or blank
> value to Service-Worker-Allowed to disable SWs entirely. Many users wa…
-
## Summary
It is recognized that a `nonce` based `Content-Security-Policy` (CSP) is stronger if it does not allow `strict-dynamic`, since scripts that are running cannot load other scripts arbitraril…
-
I think that signing-bodies-without-signing-their-names is likely to turn into security vulnerabilities unless everyone tightly controls which keys they use to sign which content.
The simplest exam…
-
- [mops](https://github.com/ZenVoich/mops) ([derivation](https://github.com/nomeata/ic-certification/blob/main/mops.nix/default.nix))
- [wasmtime](https://github.com/ninegua/ic-nix/blob/6308c1d2f9fb3…
-
It doesn't seem like a desirable default value as it would allow third parties to prompt. See also https://github.com/privacycg/storage-access/issues/12.
-
Content Security Policy (CSP) Header Not Set
Server Version: 10.0.1
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of atta…
-
They don't seem to match browser behavior, for one thing: as far as I can tell, the spec requires the style attribute to be _parsed_, but not _applied_. How that's supposed to interact with `.style` …
-
Früher oder später kommen wir wohl an diesem Thema nicht vorbei. Umgang mit Headern in Verbindung mit AddOns etc.
Mein Vorschlag.
REDAXO selbst gibt ein sehr striktes Headerkonzept vor mit z.B. …
-
## Acceptance criteria
- [x] The listed features are documented sufficiently on MDN
- [x] BCD is updated
- [x] Interactive example and data repos are updated if appropriate
- [x] The content has…
-
As I understand it `` should load /example.png as if it was on the containing page.
To this end, I feel like the navigation should go via the parent page's service worker's fetch event.
Unfortunatel…