W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2017

Vendor specification of their product's recommended Content-Security-Policy

From: Jean-Baptiste Aviat <jb@sqreen.io>
Date: Fri, 24 Nov 2017 12:25:33 +0100
Message-Id: <D4F7C9A9-3B89-42C8-8D7E-2D6B4B5F1986@sqreen.io>
To: public-webappsec@w3.org
Hi WebappSec,

One of the pain points of building a Content Security Policy is that most SaaS tools (Segment, Sentry…) do not even document how to use a Content Security Policy. Hence, users of such SaaS tools need to reverse engineer how they are working, and to build their own policy accordingly.

It would be nice if vendors could specify this up front!

Would you be aware of any specification / discussion about this?

Thanks,
--
Jean-Baptiste Aviat
Co-founder & CTO | Sqreen <https://www.sqreen.io/>
Mobile: +33 6 749 749 77
Received on Friday, 24 November 2017 12:49:42 UTC

This archive was generated by hypermail 2.3.1 : Friday, 24 November 2017 12:49:42 UTC