- From: Brandon Sterne <bsterne@mozilla.com>
- Date: Tue, 21 Jun 2011 15:13:58 -0700
- To: "public-web-security@w3.org" <public-web-security@w3.org>
Per previous discussions, I would like to broaden the scope of the xhr-src directive and rename it to reflect the change. The tentative proposal for the new directive name is "connect" and it would define the list of sources that a page can connect to via DOM/JS APIs. To begin with, this directive would cover: - XMLHttpRequest - WebSocket - EventSource Are there other APIs that belong in this bucket? On a related note, Adam has advocated including Worker in this new category, but I believe we should add Worker under script-src since the stated purpose of that API is to run script in the background and I believe this will be "least surprising" to web developers. Would people support this change? Thanks, Brandon
Received on Tuesday, 21 June 2011 22:14:36 UTC