We've received quite a few CSP whitelist requests, and obviously the CSP is there to prevent abuse so whitelisting any requested URL would defeat its purpose so that's why we need a policy for how we decide what to whitelist or not.
|Declined||Reception123||T5092 Create a CSP whitelist policy|
|Resolved||Zppix||T5017 Add shields.io to CSP whitelist (load external images)|
|Resolved||Reception123||T4914 Content Security Policy Violation: Extension:AddThis|
|Resolved||Zppix||T4760 Add some sites to frame and CSP whitelist|
|Resolved||Universal_Omega||T4976 CSP whitelist request for www.desmos.com|
|Declined||Reception123||T4944 CSP whitelist openagenda.com|
We're going to go for an informal policy which is that each request is case by case and users must be able to explain why the whitelist is essential for the functioning of their wiki. The decision to add it to the CSP should be approved by 2 SRE members.