- From: Mike West <mkwst@google.com>
- Date: Sun, 5 May 2013 11:42:21 +0200
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Sunday, 5 May 2013 09:43:09 UTC
Consistent with the conversation in April's F2F, I've changed the 1.1 spec to require that cross-origin violation reports are sent without cookies: https://dvcs.w3.org/hg/content-security-policy/rev/788b0b653c39 I believe we'd reached consensus on that point, but I might have missed some nuance over the phone. I'm happy to revert if there are objections. -- Mike West <mkwst@google.com>, Developer Advocate Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Received on Sunday, 5 May 2013 09:43:09 UTC