W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2012

Re: CSP 1.1: Paths in source list definitions.

From: Odin Hørthe Omdal <odinho@opera.com>
Date: Tue, 25 Sep 2012 14:18:04 +0200
To: public-webappsec@w3.org
Message-ID: <op.wk6xserm49xobu@odinho-fido.oslo.osa>
On Sun, 23 Sep 2012 10:27:40 +0200, Mike West <mkwst@google.com> wrote:
> Hello, webappsec!
>
> Following up on this followup, two points:
>
> 1. An implementation of path support as currently specified in 1.1
> landed in WebKit earlier this week[1]. You should already be able to
> play around with it in WebKit nightlies or Chrome Canary.
>
> 2. As Adam suggested[2], we plan to implement path support along with
> the canonical header[3] once 1.0 hits CR. I'd like some feedback on
> this plan; it seems like a good idea for the reasons Adam outlined,
> but I'd appreciate more discussion.
>
> [1]: http://trac.webkit.org/changeset/129143
> [2]:  
> http://lists.w3.org/Archives/Public/public-webappsec/2012Aug/0007.html
> [3]: https://bugs.webkit.org/show_bug.cgi?id=96765

So you're actually doing going to do the strict path check early?

That's great news! :-)

I'm all plusses to going down that route.

-- 
Odin Hørthe Omdal (Velmont/odinho) · Core, Opera Software, http://opera.com
Received on Tuesday, 25 September 2012 12:20:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 25 September 2012 12:20:04 GMT