W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: CSP syntax

From: Gervase Markham <gerv@mozilla.org>
Date: Thu, 03 Feb 2011 18:14:34 +0000
Message-ID: <4D4AF08A.7060409@mozilla.org>
To: Daniel Veditz <dveditz@mozilla.com>
CC: Terri Oda <terri@zone12.com>, public-web-security@w3.org
On 03/02/11 18:06, Daniel Veditz wrote:
> I don't know if any proxies commonly do this, but it's permissible.
> AFAIK there's no provision for -splitting- headers on commas so your
> syntax is still OK as long as you allow for the possibility of "{
> policy }, { another header's worth }"

We could do this with JSON fairly easily if we assumed rather than wrote 
the outside { and }. Then, we are just concatenating sets of hash keys.

CSP would have to define the hash as semantically an _ordered_ hash, 
with later values for the same key only tightening earlier ones, but 
that might be OK.

Gerv
Received on Thursday, 3 February 2011 18:15:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 3 February 2011 18:15:11 GMT