W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2011

webappsec-ISSUE-7 (policy-uri): Should the policy-uri directive be in CSP 1.0?

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Thu, 03 Nov 2011 09:08:13 +0000
To: public-webappsec@w3.org
Message-Id: <E1RLtHR-0007oa-0S@lowblow.w3.org>

webappsec-ISSUE-7 (policy-uri): Should the policy-uri directive be in CSP 1.0?

http://www.w3.org/2011/webappsec/track/issues/7

Raised by: Adam Barth
On product: 

The policy-uri directive lets a document refer to an external URI to provide a CSP policy.  Firefox has implemented policy-uri, so it is a candidate for inclusion in CSP 1.0.

bsterne notes that folks are already using this directive and like it.
abarth notes that this directive is slow because it requires a synchronous network fetch.

Next steps:

1) jrossi to provide input: http://www.w3.org/2011/webappsec/track/actions/25
Received on Thursday, 3 November 2011 09:10:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 3 November 2011 09:10:19 GMT