github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-01-10 07:58:08 -05:00
Code Issues Packages Projects Releases Wiki Activity

docs: makes note of HTTP header CSP usage with file:// (#14768)

Browse Source
This commit is contained in:
Slapbox
2018-11-28 03:58:18 -05:00
committed by Cheng Zhao
parent 9890d1e251
commit d7d4b8638d
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/tutorial/security.md
View File

@@ -374,8 +374,10 @@ session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
### CSP Meta Tag
CSP's preferred delivery mechanism is an HTTP header. It can be useful, however,
to set a policy on a page directly in the markup using a `<meta>` tag:
CSP's preferred delivery mechanism is an HTTP header, however it is not possible
to use this method when loading a resource using the `file://` protocol. It can
be useful in some cases, such as using the `file://` protocol, to set a policy
on a page directly in the markup using a `<meta>` tag:
```html
<meta http-equiv="Content-Security-Policy" content="default-src 'none'">