- From: Marc Stern <marc.stern@approach.be>
- Date: Fri, 12 Oct 2012 14:13:30 +0200
- To: public-web-security@w3.org
If my page loads a script on api.google.com, it is not clear if the user-agent, when parsing the google script, has to comply with the X-Content-Security-Policy header from my (HTML) page or with the one sent by the Javascript page. Could you clarify this? Thanks Marc
Received on Friday, 12 October 2012 12:14:06 UTC