New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs(CSP) add compat data for 'wasm-unsafe-eval' source expression #17947
Conversation
I was using Safari Technology Preview number (141) instead of the release channel version (16) |
All looks good now @queengooborg if you can have a look 🙏🏻 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since Edge and Opera are Chrome-based, I think we can safely mirror the data from Chrome to them.
Co-authored-by: Queen Vinyl Da.i'gyu-Kazotetsu <vinyldarkscratch@gmail.com>
Seems to be breaking some tests with:
I've reverted in 6eb7fe1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like a lot of Opera Android is set to null
in this file, sorry. I'll submit a PR to fix it all up. To keep this PR unblocked, I'll go ahead and merge this and then make the corrections to Opera later!
This PR adds the
wasm-unsafe-eval
source expression as a child ofscript-src
.Content-Security-Policy: script-src 'wasm-unsafe-eval';
Open question:
Although
'wasm-unsafe-eval'
can only be used withscript-src
, it's one of many sources that can be used for thescript-src
directive. Should'wasm-unsafe-eval'
live underscript-src
or should sources have a separate list? This would be something like:The compat table for this would probably live on the sources page on MDN.
Browser support details
Related issues and pull requests