Open Robinfr opened 2 weeks ago
Needs technical review from our team first.
This will be postponed until after 10.12 unfortunately. But I will leave the PR here for future.
This will be postponed until after 10.12 unfortunately. But I will leave the PR here for future.
Thanks for the update and the PR - I'll mark it for future release and review it once your team has reviewed it.
Updated the Content Security Policy documentation to explain about the changes coming in the future.
The header can now be configured using a custom runtime setting which offers more flexibility than setting it through the Cloud Portal (support for nonces).
It will also be the preferred approach, as it will allow developers that create custom request handlers to build on top of our implementation, instead of devising their own.