Add CSP-compliant mode (Content Security Policy)
See original GitHub issueI might be missing something obvious here, and if so, I apologize in advance.
I expected this to work:
<div v-show="!metadata">
But it didn’t. Is there a good reason for this?
Issue Analytics
- State:
- Created 10 years ago
- Comments:20 (7 by maintainers)
Top Results From Across the Web
Using Content Security Policy (CSP) to Secure Web Applications
Using CSP Directives. CSP allows you to define a variety of content restrictions using directives, usually specified in HTTP response headers.
Read more >Content Security Policy (CSP) - HTTP - MDN Web Docs
Chrome Edge
Content‑Security‑Policy Full support. Chrome25. more. Toggle history Full sup...
base‑uri Full support. Chrome40. Toggle history Full sup...
block‑all‑mixed‑content. Deprecated Full support. ChromeYes. Toggle history...
Read more >What is Content Security Policy (CSP) | Header Examples
A Content Protection Policy (CSP) adds protection measures against XSS, clickjacking, and other code injection attacks. Learn how.
Read more >Strict CSP - Content Security Policy
To enable a strict CSP policy, most applications will need to make the following changes: Add a nonce attribute to all <script> elements....
Read more >Understanding Content Security Policies - Adobe Tech Blog
Deploying Content Security Policies (CSPs) can help increase the security ... Also, there are trade-offs to running in CSP compliant mode.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This is a significant blocker for us using vue.js in a privileged environment on FirefoxOS apps – we have a sandbox workaround, but still really sucks 😦
Personally I’d love to see CSP-compliance implemented here, I am guessing this will be a blocker on more and more projects
I meet this same problem in Vue@2.x. I solved it just add the page to
sandbox
option in manifest.json.