The article links to a demo of the inline hashing capability (Content Security Policy Level 2) in new WebKit / Safari Technology Preview, and I notice it also works in Firefox beta (49) and Chrome beta (52) on Android. Do these browsers support this inline hashing or are they just falling back on the 'unsafe-inline' in the policy?
It's cool that Safari dev tools allow you to compute the hash of inline scripts and styles. I only know how to do it for external assets using OpenSSL!
1 comment
[ 77.0 ms ] story [ 617 ms ] threadIt's cool that Safari dev tools allow you to compute the hash of inline scripts and styles. I only know how to do it for external assets using OpenSSL!