On Tue, 08 Mar 2011 20:11:35 +0100, Adam Barth <w3c@adambarth.com> wrote: > We're going to be more successful getting folks to use CSP for new > kinds of policies in the future if CSP has less intrinsic baggage. > For example, Anne's From-Origin HTTP header should be a CSP directive > not yet-another-HTTP-header, but he's not going to like any coupling > between From-Origin and how inline event handlers behave. Yeah that would be weird. I'm still a bit unsure as to whether putting all these policies in the same header makes sense. They are orthogonal issues. It feels very similar to the <object> disaster. Some kind of framework element that can handle a ton of things, but is not very good at any of them. -- Anne van Kesteren http://annevankesteren.nl/Received on Thursday, 10 March 2011 12:45:12 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 10 March 2011 12:45:15 GMT