1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-27 14:12:09 +00:00

Support disabling sandbox altogether

This commit is contained in:
Rohan Kumar 2022-11-10 18:36:19 -08:00
parent 31aa78fef4
commit b5b06626e1
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479

View file

@ -63,12 +63,15 @@ Some browser software breaks upon encountering strict <abbr>CSPs</abbr>. It's di
Try reproducing the bug on the following pages: Try reproducing the bug on the following pages:
1. [This page's canonical location](https://seirdy.one/meta/csp-bug-reproduction/) 1. [This page's canonical location](https://seirdy.one/meta/csp-bug-reproduction/)
2. [My homepage](https://seirdy.one/) 2. [This page again, but with a `sandbox` query parameter](https://seirdy.one/meta/csp-bug-reproduction/?sandbox=0)
3. <a href="https://seirdy.one/sample-404/" rel="nofollow">My 404 page</a> 3. [My homepage](https://seirdy.one/)
4. <a href="https://seirdy.one/sample-404/" rel="nofollow">My 404 page</a>
Note the following: Note the following:
- If you can reproduce the bug on all three pages: the offending directive is probably a fetch directive. - If you can reproduce the bug on all four pages: the offending directive is probably a fetch directive.
- If you can reproduce the bug on all pages _except_ the second (this page with the query parameter): the offending directive is probably a `sandbox` directive, even if it contains `allow-same-origin` and `allow-scripts`.
- If you can _not_ reproduce the bug on this page, but _can_ reproduce the bug on my homepage and my 404 page: the offending directive is a `sandbox` directive that blocks scripts (no `allow-scripts` present). - If you can _not_ reproduce the bug on this page, but _can_ reproduce the bug on my homepage and my 404 page: the offending directive is a `sandbox` directive that blocks scripts (no `allow-scripts` present).