W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: [Content Security Policy] A more modular approach

From: Jochen Eisinger <eisinger@google.com>
Date: Tue, 1 Feb 2011 13:40:31 +0100
Message-ID: <AANLkTimrXJWZT80Cw_z2AxS2yp7oZNuE82Wzp83ZWi1i@mail.gmail.com>
To: Brandon Sterne <bsterne@mozilla.com>
Cc: public-web-security@w3.org
Hey,

On Mon, Jan 31, 2011 at 11:59 PM, Brandon Sterne <bsterne@mozilla.com> wrote:
> Hello everyone,
>
> We've heard a number of great ideas brought to the table this week and
> last and I'd like to make an attempt to incorporate those ideas in a way
> that hopefully satisfies everyone (a lofty goal!).

I might be overlooking something, but will this proposal allow for
blocking sources based on the protocol used, i.e. to support the use
case of disallowing resources served via http from and https site?

best
-jochen
Received on Tuesday, 1 February 2011 12:41:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 1 February 2011 12:41:22 GMT