W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2012

CSP 1.0: Are UAs permitted to implement reporting as opt-in?

From: Fred Andrews <fredandw@live.com>
Date: Tue, 16 Oct 2012 22:36:45 +0000
Message-ID: <BLU002-W1504D4E09318718495CA0E8AA700@phx.gbl>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
It would be appreciated if the WG could clarify if a browser conforming to CSP 1.0 is permitted to implement reporting as opt-in?

It was my understanding based on the decision of issue 11 and prior discussion on this list that CSP 1.0 required a UA to submit a report when requested by the server and thus that a server could depend on this.  However a recent response suggests this may not be the consensus.

cheers
Fred

 		 	   		  
Received on Tuesday, 16 October 2012 22:37:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 16 October 2012 22:37:13 GMT