GitHub

Path restrictions for script-src?

I'm trying to restrict the CSP to only allow scripts from a certain folder (/js). Unfortunately script-src does not seem to support relative URLs, therefore I need to include the absolute path (e.g.
GitHub

Add support for inline scripts and styles using the nonce

The W3C page for CSP 2.0 talks about using a nonce to enable in-line styles and scripts. In my personal opinion, this is the biggest hurdle for adoption of CSP by the mainstream. Modernizr STILL does ...