You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The UrlRelative setting is just for resolving URLs. It is not an all-encompassing filter; it does nothing to absolute URLs.
Some people want the ability to filter all allowed URLs. And it seems sensible to just implement the same Content-Security-Policy language that browsers already implement, especially since it means the same definition can be shared between both.
The text was updated successfully, but these errors were encountered:
Before I can decide if this needs to go in at 1.0 or if it should be delayed until after 1.0 is released, we need to answer the question of whether there should be a Content-Security-Policy by default.
I think the answer's no, since the default setting blocks all CSS and JavaScript, while CSP is a way to restrict where CSS and JavaScript come from (as well as images, multimedia, objects, fonts, and a few other things that can usually be safely loaded from anywhere anyway).
https://github.com/notriddle/ammonia/issues/57#issuecomment-332423056
Just to be clear:
The text was updated successfully, but these errors were encountered: