[Bug 25566] [imports]: Supporting more than just the script-src CSP directive in imports. from bugzilla@jessica.w3.org on 2014-05-06 (public-webapps-bugzilla@w3.org from May 2014)

From: <bugzilla@jessica.w3.org>
Date: Tue, 06 May 2014 07:57:20 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-25566-2532-VrPM8V78wD@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25566

fbraun@mozilla.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fbraun@mozilla.com,
                   |                            |hillbrad@gmail.com
             Blocks|                            |24632

--- Comment #1 from fbraun@mozilla.com ---
Let's make sure resolving this issue does not involve monkey patching the CSP
spec :)

The web application security working group has discussed imports and CSP
previously and came to the conclusion that it should indeed fall under the
script-src directive:
http://lists.w3.org/Archives/Public/public-webappsec/2013Apr/0079.html

(CCing Brad Hill)

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Tuesday, 6 May 2014 07:57:23 UTC