Re: CSP spec not clear

Thanks for the feedback.  It's the policy from the HTML page that
matters.  I'll clarify the spec.

Adam


On Fri, Oct 12, 2012 at 5:13 AM, Marc Stern <marc.stern@approach.be> wrote:
> If my page loads a script on api.google.com, it is not clear if the
> user-agent, when parsing the google script, has to comply with the
> X-Content-Security-Policy header from my (HTML) page or with the one sent by
> the Javascript page.
>
> Could you clarify this?
>
> Thanks
>
> Marc
>

Received on Friday, 12 October 2012 13:24:15 UTC