It looks like you can enable inline and eval stuff. Content-Security-Policy: scr... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		kyrra on Jan 23, 2014 \| parent \| context \| favorite \| on: HTTP Security headers you should be using It looks like you can enable inline and eval stuff. `Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline'`

amenod on Jan 23, 2014 [–]

But in that case you don't benefit much from it... (afaik)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact