Open larrysalibra opened 4 years ago
Some servers don't properly set the mime-type. This means that items with incorrect mime types get flagged under the default-src 'none' rule.
default-src 'none'
We should change default-src 'none' to default-src 'self'.
default-src 'self'
What is the default-src 'none' rule ?
The default-src 'none' rule blocks all requests. The thinking was to block everything and then only allow requests types we want. White list instead of blacklist.
Some servers don't properly set the mime-type. This means that items with incorrect mime types get flagged under the
default-src 'none'
rule.We should change
default-src 'none'
todefault-src 'self'
.