Hmm then so as onmessage. Or the point is that XHR doesn't tell you if the page followed redirects?

-- Eduardo

On Mon, Dec 19, 2011 at 4:45 PM, Daniel Veditz <dveditz@mozilla.com> wrote:

> On 12/19/11 1:01 AM, Eduardo Vela wrote:
> > Is data exfiltration still a concern for CSP?
> >
> > If not, then why xhr-src is there?
>
> XHR is covered (under the new name 'connect-src' along with
> EventSource and WebSockets) because it's a source of data used by
> the page.

Received on Tuesday, 20 December 2011 00:49:17 UTC