Re: JavaScript URLs and script-src nit

On 2/18/11 9:19 PM, Collin Jackson wrote:
> It's confusing to have some
> security features that are on by default and others that you have to
> turn on manually. The empty policy should have no effect.

How is it much different than specifying different DOCTYPES in an
HTML document and triggering different quirks/standards modes in

Why would anyone want to send a header that had no effect?

-Dan Veditz

Received on Saturday, 19 February 2011 05:34:00 UTC