You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With the current proposal, it appears to be impossible to benefit from wasm-unsafe-eval through progressive enhancement. For maximum browser compatibility, unsafe-eval is still required and due to
If the unsafe-eval source keyword is used, then this overrides any occurence of wasm-unsafe-eval in the CSP policy.
is compatible with browsers that do not recognize nonce-*, but browsers that do recognize nonce-* use the more restrictive nonce and ignore the more general 'unsafe-inline'.
The text was updated successfully, but these errors were encountered:
With the current proposal, it appears to be impossible to benefit from
wasm-unsafe-evalthrough progressive enhancement. For maximum browser compatibility,unsafe-evalis still required and due tospecifying both gives no benefit.
There is prior art for enabling progressive enhancement by doing the opposite, for example in the interaction of
unsafe-inlineandnonce-*:is compatible with browsers that do not recognize
nonce-*, but browsers that do recognizenonce-*use the more restrictive nonce and ignore the more general'unsafe-inline'.The text was updated successfully, but these errors were encountered: