W3C home > Mailing lists > Public > public-web-security@w3.org > April 2011

policy-uri is slow

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 14 Apr 2011 17:47:54 -0700
Message-ID: <BANLkTinp0kQwsusLvMZfLXLdVnT5PcQ3pA@mail.gmail.com>
To: public-web-security@w3.org
To confirm my understanding, if a document has a CSP policy consisting
of a policy-uri, then the user agent is supposed to block processing
of the document until it finishes fetching the policy-uri, right?
That seems very bad for performance.

In a similar vein, how should the UA behave if it encounters a
policy-uri in a CSP policy in a meta tag?  Should it block parsing the
rest of the document until it fetches the policy-uri?

Should we drop support for policy-uri?

Adam
Received on Friday, 15 April 2011 00:48:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 15 April 2011 00:48:53 GMT