login/register

Snip!t from collection of Alan Dix

see all channels for Alan Dix

Snip
summary

The altered language significantly weakened the stance t... bypass Content Security Policy for user-supplied add-ons... providing the capability for users or add-ons to modify ...

Content Security Policy is currently being enforced by a ...

https://medium.com/making-instapaper/bookmarklets-are-dead-d470d4bbb626#.tfok...

Categories

/Channels/techie/JavaScript

[ go to category ]

For Snip

loading snip actions ...

For Page

loading url actions ...

Full snip

The altered language significantly weakened the stance that browsers should bypass Content Security Policy for user-supplied add-ons, and suggests that providing the capability for users or add-ons to modify the Content Security Policy is optional. And it is.

Content Security Policy is currently being enforced by all major browsers, and is used by major websites like GitHub, Twitter, and Medium. Support for modifying Content Security Policy is non-existent for users, tenuous for browser extensions, and impossible for bookmarklets. The end result is, unfortunately, an all too familiar story: we’ve sacrificed end-user freedom for the promise of additional security.