- From: Brandon Sterne <bsterne@mozilla.com>
- Date: Wed, 20 Jul 2011 16:49:29 -0700
- To: Mark Nottingham <mnot@mnot.net>
- CC: Adam Barth <w3c@adambarth.com>, public-web-security@w3.org
On 07/19/2011 11:14 PM, Mark Nottingham wrote: >> The "options" syntax got removed at some point. I think Brandon is >> updating the Firefox implementation to the new syntax. > > Hmm. If the syntax is still evolving in non-backwards-compatible ways, it might be better to use a nonsense or generated header name, and revise it on each bump, so that sites that experiment with CSP don't have problems with supporting multiple incompatible deployed protocols. I've still been assuming that we are pre-version 1 of the spec and would adopt changes in this fashion in any subsequent versions of CSP that we ship. To your point, though, the Gecko implementation will support both syntaxes, at least for some reasonable period of time, so that we don't screw over the people that experimented with CSP prior to version 1. Thanks also for your earlier detailed feedback. I have a few items marked for follow-up, but I'll have to reply some time tomorrow. Cheers, Brandon
Received on Wednesday, 20 July 2011 23:49:23 UTC