- From: Brandon Sterne <bsterne@mozilla.com>
- Date: Fri, 15 Apr 2011 14:33:22 -0700
- To: Adam Barth <w3c@adambarth.com>
- CC: public-web-security@w3.org
On 4/14/11 5:49 PM, Adam Barth wrote: > The spec says: > > [[ > In the following example a page located at > http://example.org/page.html was requested and returned with its > response a policy of default-src 'self'; policy-uri > http://example.org/csp-report.cgi. The policy was violated by an image > element from evil.example.com which had been embedded in the page. > ]] > > Presumably we mean report-uri. > > Adam Indeed we do: https://dvcs.w3.org/hg/content-security-policy/rev/d571efb5794f Thanks for catching. -Brandon
Received on Friday, 15 April 2011 21:33:50 UTC