Even if they removed 'unsafe-inline'. (or added a nonce), any JSONP endpoint on whitelisted domains/paths can be the nail in their coffin.
確定! 回上一頁