docs: makes note of HTTP header CSP usage with file:// (#14768)

This commit is contained in:
Slapbox 2018-11-28 03:58:18 -05:00 committed by Cheng Zhao
parent 9890d1e251
commit d7d4b8638d

View file

@ -374,8 +374,10 @@ session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
### CSP Meta Tag ### CSP Meta Tag
CSP's preferred delivery mechanism is an HTTP header. It can be useful, however, CSP's preferred delivery mechanism is an HTTP header, however it is not possible
to set a policy on a page directly in the markup using a `<meta>` tag: to use this method when loading a resource using the `file://` protocol. It can
be useful in some cases, such as using the `file://` protocol, to set a policy
on a page directly in the markup using a `<meta>` tag:
```html ```html
<meta http-equiv="Content-Security-Policy" content="default-src 'none'"> <meta http-equiv="Content-Security-Policy" content="default-src 'none'">