Required to test Flickr import features of UploadWizard on beta.
|Open||None||T249486 Change Content Security Policy on betacommons to allow api.flickr.com|
|Open||None||T208188 RFC: Partial opt-out method for Content security policy|
Ideally, the Security-Team would prefer to wait for c557581 to get merged, so this sort of thing can fall to user-land, as I'm not sure everyone wants to or should allow something like api.flickr.com on beta or regular commons. Unfortunately, that patch is still hung up on RFC finalization (T208188#6030030). If this is more pressing, we could perhaps explore something like changing a CSP directive for a given time period (i.e. a day or two) to facilitate testing.
Note, the flickr thing is part of the uploadwizard extension, not a gadget or anything like that. Most of the other things like that had builtin exceptions, at least in the short term (in the spirit of stabilizing the status quo before changing things)