CSP Allow-list Experiment

📰 Simon Willison's Blog

Tool: CSP Allow-list Experiment An experiment that shows that you can load an app in a CSP-protected sandboxed iframe (see previous note ) and have a custom fetch() that intercepts CSP errors and passes them up to the parent window... which can then prompt the user to add that domain to an allow-list and then refresh the page.</

Published 13 May 2026
Read full article → ← Back to Reads