RFC: Use blob URL instead of inline JavaScript (!12) · Merge requests · Plasma / Plasma Browser Integration

Kai Uwe Broulik requested to merge work/cspblob into master Aug 17, 2020

To avoid tripping on unsafe inline content security policies.

Fixes Spotify media session API in Firefox for me

Needs a lot more testing. Firefox docs say "Some browsers specifically exclude blob and filesystem from source directives.", so I wonder what's that about. So far I haven't noticed any regressions but I haven't done much testing.

@fvogt @bshah

RFC: Use blob URL instead of inline JavaScript

Merge request reports