Request for Change to CSP Specification

restriction on report-uri in the CSP Specification.  First, I don't
see how the restriction defends against any reasonable adversary model
(as Adam Barth also noted in his Bugzilla post on 2011-07-18) and
secondly, it makes it more difficult for a company to provide a
reporting collection and analysis service. Ideally browsers could be
instructed to send alerts back to a third party.  I would like to
submit a request for this restriction to be removed.

- Jason Franklin
Research Associate
Stanford University

Received on Thursday, 8 December 2011 19:27:59 UTC