"I spent yesterday evening reading up on optimal selection of argon2id parameters for storing passwords in my web app that lets me catalogue what electronics parts I have in my storage bin" - statements dreamed up by the utterly deranged (past me)
Edited 283d ago
I ran into something yesterday where I needed to dynamically generate some CSS in a view cell, which obviously doesn't work with CSP due to having no inline styles allowed, and I was about to go down the rabbit hole of deciding whether to implement inline nonces or create a new controller that emits specific CSS payloads as per the necessary format which could then be inserted into the page, and then I realised it doesn't fucking matter and just enabled unsafe-inline because who gives a shit.
@gsuberland The year is 2028, an alert is generated on Google's Web Complete Overwatch Populace Security (WebCOPS) Dashboard. 5 minutes later you get a knock on the door "Open up! It's the CSP police!"