[Webkit-unassigned] [Bug 223848] CSP: iframe with sandbox="allow-scripts" does not respect default-src 'self' policy
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Mar 27 21:31:54 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=223848
--- Comment #1 from Daniel <hi at daniel-massey.com> ---
Apologies, the error being thrown is actually this one:
Refused to load https://cloudflare-ipfs.com/ipfs/QmUiDhFZeFnJvHgxGbwPucT8kyZvAzBsFFA12vPNxfsP6u/test.js because it appears in neither the script-src directive nor the default-src directive of the Content Security Policy.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210328/d4528003/attachment-0001.htm>
More information about the webkit-unassigned
mailing list