webappsec-ISSUE-7 (policy-uri): Should the policy-uri directive be in CSP 1.0? from Web Application Security Working Group Issue Tracker on 2011-11-03 (public-webappsec@w3.org from November 2011)

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Thu, 03 Nov 2011 09:08:13 +0000
To: public-webappsec@w3.org
Message-Id: <E1RLtHR-0007oa-0S@lowblow.w3.org>

webappsec-ISSUE-7 (policy-uri): Should the policy-uri directive be in CSP 1.0?

http://www.w3.org/2011/webappsec/track/issues/7

Raised by: Adam Barth
On product: 

The policy-uri directive lets a document refer to an external URI to provide a CSP policy.  Firefox has implemented policy-uri, so it is a candidate for inclusion in CSP 1.0.

bsterne notes that folks are already using this directive and like it.
abarth notes that this directive is slow because it requires a synchronous network fetch.

Next steps:

1) jrossi to provide input: http://www.w3.org/2011/webappsec/track/actions/25

Received on Thursday, 3 November 2011 09:10:18 UTC