W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2012

Re: CSP HTTP header description

From: Adam Barth <w3c@adambarth.com>
Date: Sun, 1 Apr 2012 16:32:02 -0700
Message-ID: <CAJE5ia8sj6UCEg4LAQ_pGuke65E4KKyyqC7mPu8+2Uxz5Dn+Rg@mail.gmail.com>
To: Thomas Roessler <tlr@w3.org>
Cc: public-webappsec@w3.org
On Tue, Mar 27, 2012 at 1:02 AM, Adam Barth <w3c@adambarth.com> wrote:
> On Tue, Mar 27, 2012 at 12:59 AM, Thomas Roessler <tlr@w3.org> wrote:
>> based on discussion at the IETF meeting, there won't be a separate IETF document to specify the CSP HTTP header.
>>
>> It would be great if we could extend the header description in CSP to have the information suggested here:
>>        http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-19#section-3.1
>>
>> Reviewing this shouldn't be too much effort.
>>
>> We can then ask for review from the IETF websec and http WGs, both of whom will be happy to provide that review.
>
> Ok.  I'll take a swing at it.

Here's a first draft:

http://dvcs.w3.org/hg/content-security-policy/rev/91163bbd2daf

Let me know if anything needs to change.

Thanks!
Adam
Received on Sunday, 1 April 2012 23:33:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 1 April 2012 23:33:05 GMT