Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Good idea but white listing seems inflexible for all web sites, now that most innovation takes place on ready sharing on social networks.


CSP doesn't block you from using social networking widgets: it does insist, however, that you specify up front which widgets you'll be using, and to whitelist those domains. If you trust Facebook's JavaScript, for example, you can certainly include it on your site. You'll need to whitelist the appropriate domain for framing or scripting, that's all.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: