
A Refined Content Security Policy - quantumwannabe
https://webkit.org/blog/6830/a-refined-content-security-policy/
======
aorth
The article links to a demo of the inline hashing capability (Content Security
Policy Level 2) in new WebKit / Safari Technology Preview, and I notice it
also works in Firefox beta (49) and Chrome beta (52) on Android. Do these
browsers support this inline hashing or are they just falling back on the
'unsafe-inline' in the policy?

It's cool that Safari dev tools allow you to compute the hash of inline
scripts and styles. I only know how to do it for external assets using
OpenSSL!

