- From: Brandon Sterne <bsterne@mozilla.com>
- Date: Fri, 14 Oct 2011 17:23:56 -0700
- To: Adam Barth <w3c@adambarth.com>
- CC: "public-web-security@w3.org" <public-web-security@w3.org>
On 06/29/2011 10:59 AM, Brandon Sterne wrote: > On 06/27/2011 03:11 PM, Brandon Sterne wrote: >> I did consider that, but I wasn't sure that -src was the appropriate >> suffix, because these are hosts that the page can connect *to*. I do >> agree that these APIs should be subject to default-src, though, so maybe >> for consistency we should change it to connect-src. I'm not opposed to >> that change if people prefer it. >> >> -Brandon > > It doesn't seem like there are strong opinions on the naming, so I'll > make the change to the spec that swaps xhr-src for connect-src and it > will be subject to the default-src list if absent. I pushed this change as: https://dvcs.w3.org/hg/content-security-policy/rev/5d4449e74743 -Brandon
Received on Saturday, 15 October 2011 00:23:39 UTC