•  
      request #7879 Content-Security-Policy header blocks all Javascript code from external websites
    Infos
    #7879
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-02-18 11:38
    7885
    Details
    Content-Security-Policy header blocks all Javascript code from external websites
    It is not possible to allow the loading of some Javascript from an external website with the current Content-Security-Policy header. This is annoying because we can't load Google Analytics script for example.

    Reference : http://www.w3.org/TR/CSP2/#directive-script-src
    Other
    7.10
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-02-19
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    dylan bowden (dylan)2015-02-19 17:45
    • Status changed from Under review to Closed
    • Close date set to 2015-02-19