Full list of PRs and features introduced since last version (1.5.0) can be found at Release 2.0.0 #76
Most important change to Snow was recognizing this task isn't doable without some CSP help
Which is why from this version forward Snow requires:
unsafe-inline to be forbidden
object-src to not allow same origin srcs
In order to introduce a higher level of security
Therefore, the demo app you know and love now enforces script-src 'self'; object-src 'none';
Your time is precious being highly talented figures, so I'd understand if you can't - but I invite you to give bypassing Snow another crack, with the hope that v2 is better secured.
Snow 2 ❄️
Tagging former Snow security contributors @mmndaniel @arxenix @NDevTK @magicmac @rwaldron @benjamingr @naugtur @mhofman (thank you for your help so far ❤️ sorry if I forgot anyone)
Clarifications
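The two CSP requirements listed in the post can be checked mechanically against a policy string. This is an added example, not part of the original post or of Snow's code: `checkSnowCsp`, its helpers and the origin `https://demo.example` are hypothetical, and source matching is simplified (ports and paths are ignored).

```javascript
// Added example: checks a CSP string against the two requirements in the post.
// parseCsp, allowsOrigin and checkSnowCsp are hypothetical names, not Snow APIs.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    // A repeated directive is ignored by browsers, so the first one wins.
    if (!directives.has(key)) directives.set(key, sources.map((s) => s.toLowerCase()));
  }
  return directives;
}

// Simplified same-origin test for one source expression (ports and paths ignored).
function allowsOrigin(source, origin) {
  const { protocol, hostname } = new URL(origin);
  if (source === "'self'" || source === '*') return true;
  if (source === protocol) return true; // scheme-source such as "https:"
  const host = source.replace(/^[a-z][a-z0-9+.-]*:\/\//, '').split(/[/:]/)[0];
  if (host.startsWith('*.')) return hostname.endsWith(host.slice(1));
  return host === hostname;
}

function checkSnowCsp(policy, origin) {
  const csp = parseCsp(policy);
  const problems = [];
  // script-src-elem and script-src-attr fall back to script-src, then default-src.
  // 'unsafe-inline' is flagged even beside a nonce or hash (conservative choice).
  for (const name of ['script-src', 'script-src-elem', 'script-src-attr']) {
    const list = csp.get(name) ?? csp.get('script-src') ?? csp.get('default-src');
    if (!list) problems.push(`${name}: no restriction, inline script is allowed`);
    else if (list.includes("'unsafe-inline'")) problems.push(`${name}: 'unsafe-inline' present`);
  }
  const objectSrc = csp.get('object-src') ?? csp.get('default-src');
  if (!objectSrc) problems.push('object-src: no restriction, same-origin objects load');
  else if (objectSrc.some((s) => allowsOrigin(s, origin))) {
    problems.push('object-src: allows same-origin sources');
  }
  return { ok: problems.length === 0, problems };
}

// Policy quoted in the post for the demo app; the origin is a constructed value.
console.log(checkSnowCsp("script-src 'self'; object-src 'none';", 'https://demo.example'));
```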