Re: [csswg-drafts] [css-view-transitions-2] Support same-site cross-origin view transitions (#10364)

> My point is if we were to do this I would start from history and derive view transitions from that

That's fair. We might need 2 policies, one to allow same-site URLs to be visible in the navigation API session history and another for view-transition. And the view-transition can't apply without a navigation API opt-in.

> Note that CSP is designed as an opt-out only, meaning any added policy can only be further restricting what precedes it or the default. It's not a good framework for something that's supposed to be restricted by default and relaxed using an opt-in.

Can you expand on "designed as an opt-out only"? Since on the surface it looks like a key -> list of URLs, it's not obvious why that list can't be used as an allow list on top of any same-origin URL.

-- 
GitHub Notification of comment by khushalsagar
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/10364#issuecomment-2132481927 using your GitHub account



Received on Monday, 27 May 2024 01:17:30 UTC
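
How the quoted "opt-out only" property shows up when several CSP policies are enforced together, as an added example that is not part of the original thread: a URL must pass every policy, and an absent directive imposes no restriction, so an extra list can narrow what is allowed but never widen it. The matcher is simplified (only `'self'`, `'none'`, `*` and exact origins), and the `example.com` origins and the choice of `img-src` are constructed for illustration.

```javascript
// Simplified model of enforcing several CSP policies at once (added example).
// Supports only 'self', 'none', '*' and exact origins as source expressions;
// real CSP source matching has more cases (schemes, host wildcards, ports, paths).

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Within one policy, a repeated directive name is ignored after the first.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function sourceMatches(source, url, selfOrigin) {
  const origin = new URL(url).origin;
  if (source === '*') return true;
  if (source === "'self'") return origin === selfOrigin;
  if (source === "'none'") return false;
  return source === origin;
}

// One policy allows a URL if the governing directive is absent (no restriction)
// or if some source in its list matches.
function policyAllows(policy, directive, url, selfOrigin) {
  const list = policy.get(directive) ?? policy.get('default-src');
  if (list === undefined) return true;
  return list.some((s) => sourceMatches(s, url, selfOrigin));
}

// A URL is allowed only if every delivered policy allows it, so each added
// policy can only shrink the allowed set.
function allowed(headers, directive, url, selfOrigin) {
  return headers
    .map(parsePolicy)
    .every((p) => policyAllows(p, directive, url, selfOrigin));
}

// Constructed sample values.
const SELF = 'https://app.example.com';
const SIBLING = 'https://shop.example.com/a.png';
const STRICT = "img-src 'self'";
const WIDER = "img-src 'self' https://shop.example.com";
```

With these values, `allowed([STRICT, WIDER], 'img-src', SIBLING, SELF)` is false even though `WIDER` on its own permits the sibling origin, and with no policy at all the same check passes.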