22 November 2019 https://twitter.com/RyanTownsend/status/1197876919993323522
from talk by @SimonHearne at performance.now() conference, Amsterdam, NL, 2019.
CSP Directive | HTML/JS Features |
---|---|
default-src | * |
connect-src | `XMLHttpRequest()`, `WebSocket()`, `EventSource()`, `sendBeacon()`, `fetch()` |
style-src | `<link rel=stylesheet>` |
script-src | `<script>` |
form-action | `<form>` |
font-src | `@font-face` |
child-src | `<iframe>`, `Worker()` |
object-src | `<object>`, `<embed>` |
media-src | `<video>`, `<audio>` |
img-src | `<img>` |
manifest-src | `<link rel=manifest>` |
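
As an added example (not from the talk or the tweet), the table can be turned into a lookup that reports which directive actually governs a feature under a given policy, including the `default-src` fallback, and which features a policy leaves unrestricted. The function names and the `NO_FALLBACK` set are assumptions of this example; `form-action` is listed there because it does not inherit from `default-src`.

```javascript
// Feature -> governing directive, taken from the table above.
// img-src is the directive name browsers recognise for <img>.
const FEATURE_DIRECTIVE = {
  'XMLHttpRequest()': 'connect-src', 'WebSocket()': 'connect-src',
  'EventSource()': 'connect-src', 'sendBeacon()': 'connect-src',
  'fetch()': 'connect-src',
  '<link rel=stylesheet>': 'style-src',
  '<script>': 'script-src',
  '<form>': 'form-action',
  '@font-face': 'font-src',
  '<iframe>': 'child-src', 'Worker()': 'child-src',
  '<object>': 'object-src', '<embed>': 'object-src',
  '<video>': 'media-src', '<audio>': 'media-src',
  '<img>': 'img-src',
  '<link rel=manifest>': 'manifest-src',
};
// Directives that do NOT fall back to default-src when absent.
const NO_FALLBACK = new Set(['form-action']);

// Parse a Content-Security-Policy header value into directive -> source list.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;                      // empty segment, e.g. trailing ';'
    const key = name.toLowerCase();           // directive names are case-insensitive
    if (!policy.has(key)) policy.set(key, sources); // a repeated directive is ignored
  }
  return policy;
}

// Which directive restricts `feature` under `header`? `via` is null when nothing does.
function governing(header, feature) {
  const directive = FEATURE_DIRECTIVE[feature];
  if (!directive) throw new Error(`unknown feature: ${feature}`);
  const policy = parsePolicy(header);
  if (policy.has(directive)) return { directive, via: directive, sources: policy.get(directive) };
  if (!NO_FALLBACK.has(directive) && policy.has('default-src'))
    return { directive, via: 'default-src', sources: policy.get('default-src') };
  return { directive, via: null, sources: null };
}

// Features the policy leaves completely unrestricted: the gaps to review.
function unrestricted(header) {
  return Object.keys(FEATURE_DIRECTIVE).filter(f => governing(header, f).via === null);
}
```

Running `unrestricted()` over a policy that sets only `default-src` shows `<form>` as the remaining gap, which is why `form-action` has to be set explicitly.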