CSP: the thing that finally makes me jump out a window.

It's not that it's bad per se... well, I mean, it is, in several ways... but I can cope with it.

But when you're being pushed to apply a very strict policy to an app that is (a) itself 10 years old (predating CSP and most modern practices entirely you'll note), (b) has code that originally came from a 15-year old app at its core, and most critically (c) uses a third-party library that is at the very heart of it all and that simply can't ever play nice with CSP due to its fundamental nature... well... that's a recipe for an awful lot of head-meet-wall.

And you're not going to do a ground-up rewrite of an app that cost literally millions to develop (and is constantly being grown to this day) and which is now mission-critical and very highly regarded by the most important clients.


Add Comment