1 comment

[ 77.0 ms ] story [ 617 ms ] thread
The article links to a demo of the inline hashing capability (Content Security Policy Level 2) in new WebKit / Safari Technology Preview, and I notice it also works in Firefox beta (49) and Chrome beta (52) on Android. Do these browsers support this inline hashing or are they just falling back on the 'unsafe-inline' in the policy?

It's cool that Safari dev tools allow you to compute the hash of inline scripts and styles. I only know how to do it for external assets using OpenSSL!