W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2013

Re: Include page http response code in CSP reports?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 26 Mar 2013 22:11:40 +0000
Message-ID: <CADnb78jJQcBE2BWqTWhRhXn5TCoQ8nwUDeNXB0aChK8TG04dug@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Neil Matatall <neilm@twitter.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Mar 26, 2013 at 10:08 PM, Mike West <mkwst@google.com> wrote:
> I can't come up with any clever exploits that would be caused by sending the
> response code of the protected resource (perhaps as "document-status" next
> to "document-uri"?), and there's apparently some marginal value to adding
> it. That doesn't mean there aren't any, however...

Fly-by-comment, can we still rename those to "-url"? The whole
platform uses URL, not URI...


-- 
http://annevankesteren.nl/
Received on Tuesday, 26 March 2013 22:12:07 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC