- From: Khushal Sagar via GitHub <sysbot+gh@w3.org>
- Date: Mon, 27 May 2024 01:17:29 +0000
- To: public-css-archive@w3.org
> My point is if we were to do this I would start from history and derive view transitions from that That's fair. We might need 2 policies, one to allow same-site URLs to be visible in the navigation API session history and another for view-transition. And the view-transition can't apply without a navigation API opt-in. > Note that CSP is designed as an opt-out only, meaning any added policy can only be further restricting what precedes it or the default. It's not a good framework for something that's supposed to be restricted by default and relaxed using an opt-in. Can you expand on "designed as an opt-out only"? Since on the surface it looks like a key -> list of URLs, it's not obvious why that list can't be used as an allow list on top of any same-origin URL. -- GitHub Notification of comment by khushalsagar Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/10364#issuecomment-2132481927 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 27 May 2024 01:17:30 UTC