newsmode MarketNews
arrow_back К списку
rss_feedSimon Willison ·13.05.2026 open_in_newОригинал

CSP Allow-list Experiment

translate EN + RU language Только EN language Только RU

Simon Willison’s Weblog

13th May 2026

An experiment that shows that you can load an app in a CSP-protected sandboxed iframe (see previous note) and have a custom fetch() that intercepts CSP errors and passes them up to the parent window... which can then prompt the user to add that domain to an allow-list and then refresh the page.

I built this one with GPT-5.5 xhigh running in the Codex desktop app.

Recent articles

  • Notes on the xAI/Anthropic data center deal - 7th May 2026
  • Live blog: Code w/ Claude 2026 - 6th May 2026
  • Vibe coding and agentic engineering are getting closer than I'd like - 6th May 2026

    • This is a beat by Simon Willison, posted on 13th May 2026.

    Monthly briefing

    Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

    Pay me to send you less!

  • Disclosures
  • Colophon
  • ©
  • 2002
  • 2003
  • 2004
  • 2005
  • 2006
  • 2007
  • 2008
  • 2009
  • 2010
  • 2011
  • 2012
  • 2013
  • 2014
  • 2015
  • 2016
  • 2017
  • 2018
  • 2019
  • 2020
  • 2021
  • 2022
  • 2023
  • 2024
  • 2025
  • 2026