We have an Ember-based site which is divided into two conceptual sections which require their own content security policy. There is currently a single CSP applied to the index.html.
Is it possible for a Content-Security-Policy header sent in an API/server response after page load to be honoured by the browser? I have attempted to send this header in an API response, but it appears to not be honoured by Chrome.
Aucun commentaire:
Enregistrer un commentaire