W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2012

CSP connect-src and browser plugins

From: Erlend Oftedal <eoftedal@gmail.com>
Date: Sun, 23 Sep 2012 14:57:24 +0200
Message-ID: <8599897274237076017@unknownmsgid>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Flash, silverlight, java and friends can also make http connections. This
is controlled by policies like crossdomain.xml and clientaccesspolicy.xml
on the receiving end, but what about the browser? Does connect-src also
apply to these plugins? Could it? Should it?

Erlend
Received on Sunday, 23 September 2012 12:57:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 23 September 2012 12:57:55 GMT