CSP2: Exclude 'blob:' and 'filesystem:' from the 'self' source expression.

In CSP2, the `'self'` source expression explicitly excludes `blob:` and `filesystem:`. This means that developers will need to add those schemes explicitly to their directives if they wish to include content at those URLs.



Established standard

Status in Chromium


Enabled by default (launch bug) in:

  • Chrome for desktop release 45
  • Chrome for Android release 45
  • Android WebView release 45
  • Opera release 32
  • Opera for Android release 32

Consensus & Standardization

  • Public support
  • No public signals
  • No public signals
  • No signals


Last updated on 2017-06-14