First party loads with incorrect mime type categorized as 3rd party

newinternetlabs / new-internet-extension

Other

14 stars 4 forks source link

First party loads with incorrect mime type categorized as 3rd party #21

Open larrysalibra opened 4 years ago

larrysalibra commented 4 years ago

Some servers don't properly set the mime-type. This means that items with incorrect mime types get flagged under the default-src 'none' rule.

We should change default-src 'none' to default-src 'self'.

friedger commented 4 years ago

What is the default-src 'none' rule ?

larrysalibra commented 4 years ago

The default-src 'none' rule blocks all requests. The thinking was to block everything and then only allow requests types we want. White list instead of blacklist.