Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify the $csp rules usage #1143

Closed
ameshkov opened this issue Oct 1, 2019 · 1 comment
Closed

Clarify the $csp rules usage #1143

ameshkov opened this issue Oct 1, 2019 · 1 comment
Assignees
@sxgunchenko
Labels
Enhancement P2: High
Milestone
v1.5

Comments

@ameshkov
Copy link
Member

ameshkov commented Oct 1, 2019
edited
Loading

  1. $csp rules use the regular matching algorithm. e.g. $csp=script-src 'none',domain=example.org will match the https://example.org: Domain restrictions semantics AdguardBrowserExtension#1474.
  2. $csp rules are applied to both DOCUMENT resources: https://stackoverflow.com/questions/54203764/content-security-policy-csp-header-onto-each-file-or-only-the-actual-html-pag:

    "The resources which can be requested (and subsequently embedded or executed) on behalf of a specific Document or Worker"

We should figure out what to do with the Workers part. It seems that it does not really work in Chrome, only in FF.
@ameshkov ameshkov added this to the v1.5 milestone Oct 1, 2019
@ameshkov ameshkov mentioned this issue Oct 1, 2019
Open
@sxgunchenko
Copy link

  1. works as intended
  2. already discussed

@zzebrum zzebrum closed this as completed Jan 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sxgunchenko sxgunchenko

Labels
Enhancement P2: High
Projects
None yet
Milestone
v1.5
Development

No branches or pull requests
3 participants
@ameshkov @sxgunchenko @zzebrum