# Constant listing for Content-Security-Policy header generation.
# NOTE(review): the names of the first four constants are not visible on this
# page; only their values are shown.

# Policy string in standard CSP syntax. default-src permits any https: origin
# and data: URIs, plus 'unsafe-inline' and 'unsafe-eval'. With both keywords in
# default-src and no script-src in this string, the policy as written does not
# block inline script or eval(), so it offers little protection against
# injected script. frame-src additionally lists the about: and javascript:
# schemes. img-src is set on its own, so images do not fall back to default-src.
# NOTE(review): presumably a permissive starting default meant to be tightened
# per application; confirm how the library merges it with configured sources.
"default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https://* about: javascript:; img-src chrome-extension:"
# The same policy in the pre-standard syntax ("options eval-script
# inline-script" / "allow") used by older Firefox releases; equally permissive
# for inline script and eval.
"options eval-script inline-script; allow https://* data:; frame-src https://* about: javascript:; img-src chrome-extension:"
# Legacy vendor-prefixed header names (older Firefox, then older WebKit).
# Current browsers read only the unprefixed standard header name below.
'X-Content-Security-Policy'
'X-WebKit-CSP'
# Unprefixed header name defined by the CSP specification.
- STANDARD_HEADER_NAME =
"Content-Security-Policy"
# Application-relative path. NOTE(review): presumably the endpoint that
# receives violation reports and forwards them on; report bodies are posted by
# browsers without authentication, so whatever handles this path should treat
# them as untrusted input. Verify against the handler.
- FF_CSP_ENDPOINT =
"/content_security_policy/forward_report"
# Directive names as symbols. The listing shows WEBKIT_DIRECTIVES and
# DIRECTIVES sharing this one array (presumably a chained assignment).
- WEBKIT_DIRECTIVES =
DIRECTIVES = [:default_src, :script_src, :frame_src, :style_src, :img_src, :media_src, :font_src, :object_src, :connect_src]
# Same list with :xhr_src and :frame_ancestors added and :connect_src removed.
- FIREFOX_DIRECTIVES =
DIRECTIVES + [:xhr_src, :frame_ancestors] - [:connect_src]
# Symbols that are not in the directive lists above. NOTE(review): presumably
# configuration keys rather than CSP directives; :enforce looks like the
# switch between enforcing and report-only mode. Confirm against the code that
# reads the configuration.
- META =
[:enforce, :http_additions, :disable_chrome_extension, :disable_fill_missing, :forward_endpoint]