W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2013

CSP & iframe subresources

From: Yoav Weiss <yoav@yoav.ws>
Date: Fri, 11 Jan 2013 10:39:26 +0100
Message-ID: <CACj=BEjASh5tsnpSLHvDcc_zMJLfCjG1_QOLF+P-7DK2ZTupaQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Does the CSP policies of the main HTML apply also subresources of iframes?

What happens if the iframe also has it's own CSP policy? Is it additive to
the main HTML policies?

Is there a difference in that aspect between different kinds of iframes?
(3rd party, sandboxed, etc)

Thanks,
Yoav
Received on Friday, 11 January 2013 09:39:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 11 January 2013 09:39:57 GMT