- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 14 Apr 2011 17:47:54 -0700
- To: public-web-security@w3.org

To confirm my understanding, if a document has a CSP policy consisting of a policy-uri, then the user agent is supposed to block processing of the document until it finishes fetching the policy-uri, right? That seems very bad for performance.

In a similar vein, how should the UA behave if it encounters a policy-uri in a CSP policy in a meta tag? Should it block parsing the rest of the document until it fetches the policy-uri?

Should we drop support for policy-uri?

Adam

Received on Friday, 15 April 2011 00:48:52 UTC