Artifact ed027b1032cccad2f2a2bcae4364922ba11f4b5ed648dbe71493c6de9de0ffb6:
- File test/csp1.html — part of check-in [14c81d9d2b] at 2020-02-26 14:28:31 on branch trunk — Put the Content-Security-Policy in the HTTP reply header in addition to the HTML header. That way, the CSP is enforced even for raw HTML pages or if the skin provides an HTML header that omits the CSP. Add a new "default-csp" setting included with the skin that allows an administrator to change the CSP to allow for CDNs and such. (user: drh size: 545) [more...]