From b063e3a491cbd1a0b1e5a92eeea447003be9123a Mon Sep 17 00:00:00 2001 From: Conrad Hoffmann Date: Tue, 2 Aug 2022 15:31:16 +0200 Subject: [PATCH] Explain CSP impact on target="_blank" links --- content/limitations.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/content/limitations.md b/content/limitations.md index b247c81..4423172 100644 --- a/content/limitations.md +++ b/content/limitations.md @@ -20,6 +20,9 @@ Content-Security-Policy: The main consequence of this is that all resources must be served from your domain — you cannot use a CDN or embed third-party content. +It also disallows forcing links to open in new tabs (`target="_blank"`), as +this is equivalent to opening a pop-up in the browser security model. + The published tarball is limited to 1 GiB in size, after decompression. Any entries other than regular files are ignored (such as symlinks).
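Review bot: In the added paragraph, "It also disallows" has no clear antecedent, because the preceding sentence's subject is "The main consequence of this" rather than the policy, and the text does not say which directive of the Content-Security-Policy header shown above blocks pop-ups. Suggest opening with "The policy also prevents links from opening in new tabs (`target="_blank"`)" and naming that directive, so readers can connect the limitation to the header. It would also help to state what a visitor observes when clicking such a link and what authors should do instead (for example, drop the `target` attribute so the link opens in the same tab), since the paragraph currently describes the restriction without a remedy.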