You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
frame-src was a part of CSP1, but deprecated in CSP2 in favor of child-src.
This seems to have been undone in CSP3, so frame-src is undeprecated.
I can see how this might lead to confusion in authoring a CSP.
Is there an objectively correct thing express-legacy-csp could do to help authors by renaming these directives according to the support in the version of the policy served to browsers with differing support?
The text was updated successfully, but these errors were encountered:
frame-srcwas a part of CSP1, but deprecated in CSP2 in favor ofchild-src.This seems to have been undone in CSP3, so
frame-srcis undeprecated.I can see how this might lead to confusion in authoring a CSP.
Is there an objectively correct thing express-legacy-csp could do to help authors by renaming these directives according to the support in the version of the policy served to browsers with differing support?
The text was updated successfully, but these errors were encountered: