moving third-party libraries to a vendored directory. The risk I'd like to mitigate is that one of those deps can change out from under you, and then it can make (authenticated) requests to our backend to exfiltrate data. There are a few possible solutions:
The first approach takes about 15 seconds (adding "integrity=..." to script tags), but I prefer the second (which probably takes a few minutes) because then we can turn on a Content-Security-Policy that blocks all third-party connections, which is a much stronger invariant.
from @bcspragu (via email) who suggests...
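The two options discussed above, as an added example (not code from this issue or its project): `sri_value` computes the value that goes in `integrity=...`, `audit_html` flags third-party script and stylesheet tags that lack it, and `csp_third_party_sources` lists any non-'self' source left in a Content-Security-Policy. The host names, the sample page and all function names are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; hosts and the integrity value are placeholders.
SAMPLE_HTML = """
<script src="/vendor/chart.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example.net/widget.js"></script>
<link rel="stylesheet" href="//fonts.example.org/site.css">
"""

def sri_value(content: bytes, alg: str = "sha384") -> str:
    # integrity attribute value: '<alg>-<base64 of the raw digest>'
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"

class _TagAudit(HTMLParser):
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.results = own_host, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and (a.get("rel") or "").lower() == "stylesheet"
        url = a.get("src") if tag == "script" else a.get("href") if is_css else None
        if not url:
            return  # inline script or unrelated tag: nothing to classify
        host = urlparse(url).hostname
        if host is None or host == self.own_host:
            status = "same-origin"  # vendored or otherwise served by us
        else:
            status = "pinned" if a.get("integrity") else "unpinned"
        self.results.append((url, status))

def audit_html(html: str, own_host: str):
    parser = _TagAudit(own_host)
    parser.feed(html)
    return parser.results

def csp_third_party_sources(policy: str):
    # Quoted tokens ('self', 'none', nonces, hashes) name no host; the rest do.
    found = []
    for directive in policy.split(";"):
        name, *sources = directive.split() or [""]
        if name.lower().endswith("-src"):
            found += [(name.lower(), s) for s in sources if not s.startswith("'")]
    return found
```

An empty result from `csp_third_party_sources` only covers the `*-src` directives that are present, so the policy still needs a `default-src 'self'` fallback for the ones it omits.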