CSP script-src blob
What are the risks of allowing a "blob:" directive in the script-src CSP? Is it safe? I have a list of allowed domains defined in script-src, but nonetheless I got an error specifying the violation of the CSP directive when trying to access a resource blob:myURL/my-id.
There is an example that showcases good practices and bad practices on the following page: https://csplite.com/csp105/; but this is valid for object-src. What about script-src?
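
An added example, not part of the original question: a small checker showing why a host allowlist in script-src still yields a violation for a blob: script URL. The policy strings and function names are constructed for illustration, and only source-list matching is modelled (nonces, hashes and 'strict-dynamic' are not).

```javascript
// Constructed sample policy: host allowlist only, no blob: scheme-source.
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example.com https://*.example.org";

// Parse a serialized CSP into a Map of directive name -> source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by the browser; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Script elements are governed by script-src-elem, then script-src,
// then default-src, whichever is present first.
function effectiveScriptSources(directives) {
  for (const name of ["script-src-elem", "script-src", "default-src"]) {
    if (directives.has(name)) return { name, sources: directives.get(name) };
  }
  return null; // no directive governs scripts, so nothing is blocked
}

// Report whether a blob: script URL passes the policy's source list.
// Host sources, 'self' and even the "*" wildcard never match blob: URLs;
// only the explicit scheme-source "blob:" does.
function blobScriptAllowed(policy) {
  const eff = effectiveScriptSources(parseCsp(policy));
  if (eff === null) return { allowed: true, directive: null };
  const allowed = eff.sources.some((s) => s.toLowerCase() === "blob:");
  return { allowed, directive: eff.name };
}

console.log(blobScriptAllowed(SAMPLE_POLICY));
console.log(blobScriptAllowed("script-src 'self' https://cdn.example.com blob:"));
```

The `directive` field names the directive a violation report would cite for the blocked blob: URL.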