W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2012

Re: CSP 1.0: Are UAs permitted to implement reporting as opt-in?

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 17 Oct 2012 18:05:11 -0400
Message-ID: <507F2B97.2090500@mit.edu>
To: Fred Andrews <fredandw@live.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 10/17/12 5:44 PM, Fred Andrews wrote:
> If the server can't rely on this then why does CSP require the UA to
> send a report when requested?

An excellent question, to which I do not know the answer, since I wasn't 
involved in writing that part of the spec.  But presumably the idea is 
to make it more likely that the server will get the report, in common 
situations.

-Boris
Received on Wednesday, 17 October 2012 22:05:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 17 October 2012 22:05:41 GMT