lweichselbaum
commented
2 years ago Both changes sound reasonable. Also +1 to your summary on the main thread.
cc: @ddworken
Closed adamraine closed 2 years ago
lweichselbaum
commented
2 years ago Both changes sound reasonable. Also +1 to your summary on the main thread.
cc: @ddworken
ddworken
commented
2 years ago SGTM! Let me know if you have any questions about the code or if I can help!
lweichselbaum
commented
2 years ago Addressed in #40. Thanks Adam and David!
https://github.com/GoogleChrome/lighthouse/issues/12804#issuecomment-887805754
Hey folks, we had some useful feedback about the CSP XSS audit in Lighthouse. I think the changes needed to be made here are pretty simple:
object-srcif it is missing (i.e.object-srcdoes not need to be'none')report-urirequirement and rely on the docs to recommend configuring a reporting destination.I'm happy to work on this in g3 if you are on board with the changes :)