W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2013

Small, non-normative changes to CSP 1.1

From: Mike West <mkwst@google.com>
Date: Tue, 29 Jan 2013 22:58:27 +0100
Message-ID: <CAKXHy=cmM-587B-iW7n7+Jt-5LeMT70kynt8DkerPqaJxRY=SA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
In the true spirit of doing everything at the last moment, I've crammed two
non-normative changes in before the call:

https://dvcs.w3.org/hg/content-security-policy/rev/3affa0c38706 addresses
ACTION-94 by noting that the script interface that's currently defined in
CSP 1.1 only gives insight into the policy, not into the general
accessibility of a URL (same-origin policy, cors, etc.

https://dvcs.w3.org/hg/content-security-policy/rev/748bf7da3690 addresses
ACTION-106 by giving an example of how multiple policies would be enforced.

Comments and feedback on both is encouraged.

--
Mike West <mkwst@google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Received on Tuesday, 29 January 2013 21:59:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 29 January 2013 21:59:15 GMT