- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Tue, 08 Oct 2013 14:49:17 -0700
- To: "Nottingham, Mark" <mnotting@akamai.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Tuesday, 8 October 2013 21:49:45 UTC
On 10/7/2013 3:24 AM, Nottingham, Mark wrote: > On 04/10/2013, at 10:11 AM, Brad Hill <hillbrad@gmail.com> wrote: > >> 5. We should include the "cookie-scope" policy in the core CSP 1.1 >> feature set? Agree / Disagree > > It seems like a few folks are disagreeing with this one. For my > information - are people against working in this area at all, or is > it just the specific proposal, or is it just a timing thing, or…? I think all three proposals are worth exploring, but they are somewhat overlapping and could in some cases be enforced outside of CSP. I'm in favor of wrapping up an incremental CSP 1.1 and don't think we can resolve these other proposals in a short time frame. We should save them for a CSP 1.2 discussion. -Dan Veditz
Received on Tuesday, 8 October 2013 21:49:45 UTC