W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2013

CSP - matching a URI against a source expression with no scheme

From: Janusz Majnert <jmajnert@gmail.com>
Date: Wed, 13 Mar 2013 10:37:52 +0100
Message-ID: <CAOeF0ewjUi=kTq9pcQoFNMD=ATL7ne1vxigwgVoNRKvUX=n0zQ@mail.gmail.com>
To: public-webappsec@w3.org
Hi,
If I understand correctly, matching the URI:
"http://example.com/resource1" against the source expression
"example.com" shall return a positive match?

I would also like to ask for a clarification on point 3.4 of the
matching algorithm (http://www.w3.org/TR/CSP/#matching):
"uri-scheme" is the scheme part of the URI (according to point 3.2),
why should it be compared to the scheme of the URI it was derived
from? Or is "protected resource's URI" different from the URI being
matched?

Regards,
Janusz Majnert
Received on Wednesday, 13 March 2013 09:38:24 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:00 UTC