
Re: CSP syntax

From: gaz Heyes <gazheyes@gmail.com>
Date: Fri, 4 Feb 2011 13:13:06 +0000
Message-ID: <AANLkTimLXYus3hPwqJbCkLDrcVDUVP=oJRvJxb1f0LfM@mail.gmail.com>
To: Michal Zalewski <lcamtuf@coredump.cx>
Cc: "=JeffH" <Jeff.Hodges@kingsmountain.com>, W3C Web Security Interest Group <public-web-security@w3.org>
On 4 February 2011 12:31, gaz Heyes <gazheyes@gmail.com> wrote:

> The trouble is the method of sending a policy is conflicting with the
> usability of implementing it. I know why it's being sent via http headers..
> speed. Because of that it will have to be compressed but what is the bloody
> point of having a nice fast policy if nobody uses it apart from Facebook?
> How about a compromise between a lighter policy syntax within HTTP headers
> with an option to specify a policy link which has a more familiar syntax like
> CSS/JSON?
>

Actually I have a better idea: a compiler. Write the policy in CSS/JSON,
verify it, then it compiles into a compact HTTP header that is very
lightweight.
Received on Friday, 4 February 2011 13:13:38 GMT
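
A sketch of the compiler idea proposed in the message above, as an added example that is not from the thread or from any CSP implementation: a JSON policy is verified, then emitted as a compact header value. It assumes the directive names and quoted keywords of the later Content-Security-Policy specification; `compile_policy`, `PolicyError` and the sample policy are constructed for illustration.

```python
import json

# Assumption: names follow the later Content-Security-Policy spec, not the 2011 draft.
FETCH_DIRECTIVES = {"default-src", "script-src", "style-src", "img-src",
                    "connect-src", "font-src", "frame-src", "object-src"}
KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval"}
FORBIDDEN = set(" \t\r\n;,'\"")  # would split the header or start a new directive

class PolicyError(ValueError):
    """Raised when the JSON policy fails verification."""

def _source(directive, src):
    if not isinstance(src, str) or not src:
        raise PolicyError(f"{directive}: source must be a non-empty string")
    if src in KEYWORDS:
        return f"'{src}'"  # keywords are single-quoted on the wire
    if FORBIDDEN & set(src):
        raise PolicyError(f"{directive}: illegal character in source {src!r}")
    return src

def compile_policy(policy_json):
    """Verify a JSON policy and return the compact header value."""
    policy = json.loads(policy_json)
    if not isinstance(policy, dict) or not policy:
        raise PolicyError("policy must be a non-empty JSON object")
    compiled = {}
    for name, sources in policy.items():
        if name not in FETCH_DIRECTIVES:
            raise PolicyError(f"unknown directive: {name!r}")
        if not isinstance(sources, list) or not sources:
            raise PolicyError(f"{name}: expected a non-empty list of sources")
        tokens = list(dict.fromkeys(_source(name, s) for s in sources))  # dedupe
        if "'none'" in tokens and len(tokens) > 1:
            raise PolicyError(f"{name}: 'none' cannot be combined with other sources")
        compiled[name] = tokens
    default = compiled.get("default-src")
    parts = []
    for name in sorted(compiled, key=lambda n: (n != "default-src", n)):
        # A directive identical to default-src is redundant: browsers fall back to it.
        if name != "default-src" and default and set(compiled[name]) == set(default):
            continue
        parts.append(" ".join([name, *compiled[name]]))
    return "; ".join(parts)

# Constructed sample policy, not taken from the thread.
SAMPLE = ('{"script-src": ["self", "https://cdn.example.com", "self"],'
          ' "img-src": ["self"], "default-src": ["self"], "object-src": ["none"]}')
```

The verification step is what keeps a typo or a stray `;` in the readable policy from silently becoming a weaker header.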
