RFC: Use blob URL instead of inline JavaScript

Kai Uwe Broulik requested to merge work/cspblob into master

To avoid tripping on unsafe inline content security policies.


Fixes Spotify media session API in Firefox for me.

Needs a lot more testing. Firefox docs say "Some browsers specifically exclude blob and filesystem from source directives.", so I wonder what that's about. So far I haven't noticed any regressions but I haven't done much testing.

@fvogt @bshah
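
For a site owner auditing a policy against the two loading styles discussed in this merge request, the following added example (not code from the merge request or the project) is a simplified model of how a Content Security Policy treats an inline `<script>` versus a script loaded from a `blob:` URL. The function names and sample policies are constructed for illustration; the model assumes a single policy and does not cover `'strict-dynamic'` URL handling or report-only mode.

```javascript
// Simplified model of CSP script checks (added example, not project code).
// Not modelled: multiple policies, 'strict-dynamic' URL handling, report-only.

// Parse one policy string into a Map of directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Source list governing <script> elements, following the fallback chain.
function scriptSources(directives) {
  for (const name of ["script-src-elem", "script-src", "default-src"]) {
    if (directives.has(name)) return directives.get(name);
  }
  return null; // no governing directive: scripts are not restricted
}

function allowsInlineScript(policy) {
  const sources = scriptSources(parsePolicy(policy));
  if (sources === null) return true;
  const lower = sources.map((s) => s.toLowerCase());
  // A nonce, hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
  const overridden = lower.some((s) =>
    /^'(nonce-|sha(256|384|512)-)/.test(s) || s === "'strict-dynamic'");
  return lower.includes("'unsafe-inline'") && !overridden;
}

function allowsBlobScript(policy) {
  const sources = scriptSources(parsePolicy(policy));
  if (sources === null) return true;
  // Only the explicit scheme source matches a blob: URL here;
  // '*', 'self' and host sources are treated as not matching it.
  return sources.some((s) => s.toLowerCase() === "blob:");
}

// Constructed sample policies.
const samplePolicies = ["default-src 'self'", "script-src 'self' blob:", "script-src *"];
for (const p of samplePolicies) {
  console.log(p, "| inline:", allowsInlineScript(p), "| blob:", allowsBlobScript(p));
}
```

A policy that lists neither `'unsafe-inline'` nor `blob:` rejects both loading styles, so whether a `blob:` script loads depends on what each site's policy lists.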