0

Where can I find out what content security policy (CSP) features are supported by the Safari browser?

I am getting error reports only for Safari and want to confirm whether or not Safari supports the policy I have in place.

My Policy:

base-uri; object-src; script-src https://*.example.com *.example.com 'nonce-LwhUCQNCuRTtk6dBXRpPjw==' 'strict-dynamic' 'unsafe-inline'; report-uri https://example.com/csp/report;",
Brett Y
  • 7,171
  • 1
  • 28
  • 42
  • Related, though you may not need it: [How does Content Security Policy work?](https://stackoverflow.com/q/30280370/608639) and [Refused to load the script because it violates the following Content Security Policy directive](https://stackoverflow.com/q/31211359/608639) – jww Oct 20 '18 at 00:03

1 Answers1

1

Looks like my answer is now out of date:

Important: This document is no longer being updated. For the latest information about Apple SDKs, visit the documentation website.

Old Answer:

A few months later and I stumble upon my own unanswered question :(.

The best place to find out what is supported, that I've found, is Safari's release notes.

FWIW CSP 2.0 support was added in Safari 10.0.0

Brett Y
  • 7,171
  • 1
  • 28
  • 42