Conform with Isolated Web Apps HTTP CSP Header requirements

## **Problem Statement**

[Isolated Web Apps](https://github.com/WICG/isolated-web-apps) (IWAs) provide an isolated, bundled, versioned, signed, and trusted application model built on top of the existing web platform.

The [proposed solution](https://github.com/WICG/isolated-web-apps?tab=readme-ov-file#proposed-solution) specifies a rigorous Content Security Policy, to prevent attacks that would load malicious content from outside of its Web Bundle. This Content Security Policy would be beneficial to wwWallet not only to make it IWA eligible, but also enhance its current security.

The required CSP headers currently break existing features that:
* Use `eval` (e.g. `Ajv` library which is applied when validating json schemas)
* Load scripts without [Trusted Type Policies](https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API) (e.g the way VitePWA loads the service worker)

Until these are resolved, this feature cannot be implemented and will be considered blocked.
Related issues will be linked here to help tracking.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Conform with Isolated Web Apps HTTP CSP Header requirements #925

Problem Statement

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Conform with Isolated Web Apps HTTP CSP Header requirements #925

Description

Problem Statement

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions