+1 to what Tom said. We should check the parsed CSP rather than string matching. Something useful to do for our backlog, I could see us exposing a utility function in our CSP code that answers whether a policy satisfies our internal requirements.
Bug 1895770 Comment 5 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
+1 to what Tom Schuster said. We should check the parsed CSP rather than string matching. Something useful to do for our backlog, I could see us exposing a utility function in our CSP code that answers whether a policy satisfies our internal requirements.