{"html_url": "https://github.com/simonw/datasette/issues/1362#issuecomment-855428296", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1362", "id": 855428296, "node_id": "MDEyOklzc3VlQ29tbWVudDg1NTQyODI5Ng==", "user": {"value": 154364, "label": "dracos"}, "created_at": "2021-06-06T16:53:20Z", "updated_at": "2021-06-06T16:53:20Z", "author_association": "NONE", "body": "> Presumably this would also require adding Content-Security-Policy to the Vary header though, which will have a nasty effect on Cloudflare and Fastly and such like.\r\n\r\nNo, because the Vary header is about *request* headers that cause the response to vary, not response headers.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 912864936, "label": "Consider using CSP to protect against future XSS"}, "performed_via_github_app": null}