- From: Adam Barth <w3c@adambarth.com>
- Date: Sun, 1 Apr 2012 16:47:46 -0700
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: public-web-security@w3.org
On Thu, Mar 29, 2012 at 4:51 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 2011-02-01 19:59, Adam Barth wrote:
>>
>> We've been talking a lot about policy semantics, but we haven't talked
>> much about syntax. It seems like the two main things we'd like to get
>> out of the syntax are:
>>
>> 1) Compactness. Policies should be short.
>> 2) Legibility. It should be easy for humans to read and author policies.
>> 3) Extensibility. We'd like a flexible syntax that we can extend for
>> many years to come.
>>
>> The current syntax seems to be something like the following:
>>
>> policy = directive *( ";" directive )
>> directive = *LWS directive-name 1*LWS directive-value
>> directive-name =<CHAR, except LWS and ";">
>> directive-value =<CHAR, except ";">
>>
>> Is that right?
>> ...
>
> Please have a look at
> <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-19.html#considerations.for.creating.header.fields>.
>
> In particular:
>
> - if you do want multiple header field instances, use HTTP list syntax, thus
> "," as separator
>
> - if you don't then disallow "," in field content so you can detect when
> somebody else *has* combined headers
>
> It might be appealing to re-use the syntax of an existing header, such as
> "Expect":
> <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-19.html#header.expect>

Fixed:

http://dvcs.w3.org/hg/content-security-policy/rev/f2c203c7331f

Thanks,
Adam

Received on Sunday, 1 April 2012 23:48:50 UTC
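
The second option in the quoted reply (disallow "," in field content so that combined headers can be detected), as an added example that is not part of the original message or of the CSP specification: a Python parser for the `policy` grammar quoted in the thread, showing how a comma-merged header is silently misparsed unless the comma is rejected. The directive names and header values are constructed samples, and `parse_policy`, `combine_instances` and `CombinedHeaderError` are hypothetical names.

```python
# Added example; header values and directive names are constructed samples.
LWS = " \t"


class CombinedHeaderError(ValueError):
    """Field content contains ",", so header instances were probably merged."""


def combine_instances(values):
    # What an HTTP intermediary may do with repeated header fields:
    # join the instances into one field value with "," as the separator.
    return ", ".join(values)


def parse_policy(value, forbid_comma=True):
    """Parse `policy = directive *( ";" directive )` as quoted in the thread.

    Returns a list of (directive-name, directive-value) pairs.
    With forbid_comma=True, any "," in the field content is rejected so a
    merged header is detected instead of being parsed as a single policy.
    """
    if forbid_comma and "," in value:
        raise CombinedHeaderError("',' found in policy: header instances combined?")
    directives = []
    for raw in value.split(";"):
        token = raw.strip(LWS)
        if not token:
            continue  # tolerate empty segments such as a trailing ";"
        parts = token.split(None, 1)  # name, then 1*LWS, then value
        name = parts[0]
        directive_value = parts[1] if len(parts) > 1 else ""
        directives.append((name, directive_value))
    return directives


if __name__ == "__main__":
    # Two separate header instances (constructed), merged on the way.
    merged = combine_instances(["default-src 'self'", "script-src example.com"])

    # Without the "," rule the second policy is swallowed into the first
    # directive's value and never applied as a directive of its own.
    print(parse_policy(merged, forbid_comma=False))

    # With the "," rule the merge is detected and can be handled explicitly.
    try:
        parse_policy(merged)
    except CombinedHeaderError as exc:
        print("rejected:", exc)
```
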