To confirm my understanding, if a document has a CSP policy consisting of a policy-uri, then the user agent is supposed to block processing of the document until it finishes fetching the policy-uri, right? That seems very bad for performance. In a similar vein, how should the UA behave if it encounters a policy-uri in a CSP policy in a meta tag? Should it block parsing the rest of the document until it fetches the policy-uri? Should we drop support for policy-uri? AdamReceived on Friday, 15 April 2011 00:48:52 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 15 April 2011 00:48:53 GMT