Importing modules inside HTML imports

caridy caridy at
Mon Aug 18 11:23:55 PDT 2014

John, you can also use SPDY/HTTP2.0 PUSH to send sticky code alongside with the original HTML that will mimic the use of inline scripts but behaves like an external script. Essentially, you will have: `<script src="/my-sticky-data-and-initialization-per-page.js"></script>`, while that script is actually sent thru the SPDY multi-plex, which means no roundtrip is issued, no perf penalty, and it complies with CSP restrictions, the best of both worlds!


On Aug 18, 2014, at 11:35 AM, John Barton <johnjbarton at> wrote:

> On Mon, Aug 18, 2014 at 8:02 AM, Anne van Kesteren <annevk at> wrote:
> On Mon, Aug 18, 2014 at 4:57 PM, John Barton <johnjbarton at> wrote:
> > So you are claiming that CSP no longer restricts inline scripts and that the
> > various online docs are incorrect?  Or only that the server  set the
> > "unsafe-inline" value to opt out of the restriction?
> Neither. See
> for the new nonce-source and hash-source features. (Don't read TR/,
> it's kind of equivalent to reading the previous version of ES, but
> worse.)
> Excellent thanks!  Hope those new features are adopted and servers routinely implement the hash-source feature.
> jjb
> _______________________________________________
> es-discuss mailing list
> es-discuss at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list