Current versions of Chrome, Firefox, and Safari support the standard Content-Security-Policy header. We shouldn't be sending the deprecated X-Content-Security-Policy and X-Webkit-CSP headers.
Commit pushed to master at https://github.com/mozilla/webmaker-profile-service https://github.com/mozilla/webmaker-profile-service/commit/4712d88a8dbde955526612f18a4316ed85257e8d Fix bug 950885 - Only send standard CSP header
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.