mirror of
https://github.com/meteor/meteor.git
synced 2026-05-02 03:01:46 -04:00
a102872a96
- Remove starter-browser-policy and replace it with BrowserPolicy.enableContentSecurityPolicy(), which gives you the starter policy and allows you to use the other BrowserPolicy functions to configure it. This is motivated by the fact that the API isn't very intuitive without a well-defined starting policy. ex: if the package starts off without a policy, and then the user calls allowAllContentSameOrigin(), that will result in turning off inline scripts, which is probably not what they wanted. - AllContent functions do more of what you'd expect now; i.e. BrowserPolicy.disallowAllContent() actually disallows all content, instead of setting default-src to 'none', which will allow other types of content that have previously had srcs set for them. - Add some tests
822 B
822 B