Just a further clarifying note: CSP stands for Content Security Policy.
I want to emphasize that most users should not need to worry about this. If
you are a more advanced user and are wondering why your browser's developer
console suddenly has new errors, this is why.
--
Brian
On Friday, October 26, 2018, Brian Wolff <bwolff(a)wikimedia.org> wrote:
Just a heads up, we're enabling CSP in report only
mode on wikis. This
means if you are loading external resources in your user
scripts, you might
get an error in your javascript console. Don't panic, so far we are only
enabling report only, and will of course give people notice before actually
enabling it enforcing. At this stage we are just gathering information on
what the impact of CSP would be on the wikis and what sort of external
javascript is used in practise.
That said, if you are loading externally hosted javascript from your user
JS page,
we strongly suggest you do not do this for security reasons.
--
Brian