W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2012

Re: [webappsec] Straw poll: policy-uri in CSP

From: Daniel Veditz <dveditz@mozilla.com>
Date: Mon, 05 Mar 2012 18:04:58 -0800
Message-ID: <4F5570CA.2090703@mozilla.com>
To: "Hill, Brad" <bhill@paypal-inc.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
KEEP -- any latency hit is entirely optional and in some cases could
even lead to overall better performance; potentially more secure
than a <meta> tag since it keeps the security measure outside the
potentially hacked document content.

On 3/5/12 2:10 PM, Hill, Brad wrote:
> One of the last remaining issues for CSP 1.0 is whether to include
> the “policy-uri” directive.  Adam has previously summarized the
> points in favor and against at:
> 
>  
> 
> http://lists.w3.org/Archives/Public/public-webappsec/2012Feb/0034.html
> 
>  
> 
> We discussed this on the last teleconference, without a resolution,
> so EKR suggested we take it to a straw poll of the WG.
> 
>  
> 
> Please reply to this poll with your preference to “KEEP” or “REMOVE”
> the policy-uri directive.
> 
>  
> 
> Thanks,
> 
> 
> Brad Hill
> 
Received on Tuesday, 6 March 2012 02:05:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 6 March 2012 02:05:44 GMT