- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 6 Apr 2016 08:51:02 +0200
- To: "Emily Stark (Dunn)" <estark@google.com>
- Cc: Mike West <mkwst@google.com>, Francois Marier <francois@mozilla.com>, Jochen Eisinger <eisinger@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Apr 6, 2016 at 5:43 AM, Emily Stark (Dunn) <estark@google.com> wrote:
> Adding these new policy states sounds reasonable to me. However, I want to
> note that there's been discussion about expanding the spec to a JSON-based
> syntax that allows much more flexibility. For example, we might want to
> express the policy "'unsafe-url' for navigations to and subresources from
> myadnetwork.com, and 'none' for all other origins" -- maybe using some
> syntax like { "unsafe-url": ["myadnetwork.com", "'self'"], "none": "*"}.
> (I'm not suggesting that as an actual proposal for the syntax, just an idea
> of the kind of thing we were thinking about.) In that world, the policy
> states would just be shorthand for the most commonly used policies.
How would you transition the Fetch API and HTML referrerpolicy attribute?
--
https://annevankesteren.nl/
Received on Wednesday, 6 April 2016 06:51:30 UTC