(Superseded) Experimenting with a 'strict-dynamic' Content Security Policy (CSP)

As the strict-dynamic CSP is non-optional from Discourse v3.3.0.beta3 onwards, we’ve updated Mitigate XSS Attacks with Content Security Policy and this topic will be closed.

2 Likes