480ceb5e08
Having both a Content-Security-Policy (CSP) in meta tag and per header works fine together. They are merged and the strongest one is applied. It makes Croodle safer for all users even if the hoster does not apply CSP for some reason (e.g. they can't set custom headers). It's still a good idea to recommend using a CSP header cause that ones are applied earlier - even so this shouldn't be a problem cause we ensure that CSP meta tag is present before any other link, style or script element. |
||
|---|---|---|
| .. | ||
| acceptance | ||
| helpers | ||
| integration | ||
| pages | ||
| unit | ||
| index.html | ||
| test-helper.js | ||