Re: CSP spec not clear

Thanks for the feedback.  It's the policy from the HTML page that
matters.  I'll clarify the spec.


On Fri, Oct 12, 2012 at 5:13 AM, Marc Stern <> wrote:
> If my page loads a script on, it is not clear if the
> user-agent, when parsing the google script, has to comply with the
> X-Content-Security-Policy header from my (HTML) page or with the one sent by
> the Javascript page.
> Could you clarify this?
> Thanks
> Marc

Received on Friday, 12 October 2012 13:24:15 UTC