- From: Mark Nottingham <notifications@github.com>
- Date: Wed, 18 May 2016 02:15:46 -0700
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
- Cc:
Received on Wednesday, 18 May 2016 09:16:13 UTC
Hey Mike,

Overall this looks like a reasonable evolution for CSP; switching to fetch seems very sane. The extensibility also looks reasonable.

It's good to see that there are multiple implementations of the full level 2 spec (at least according to caniuse; is that correct?); it'd be even better to see Firefox get up to speed...

I'm still concerned about the overall size of CSP headers, as well as its uptake by sites. I think there may be a *much* bigger discussion of what our stance to securing the Web should be lurking in that latter point, but that shouldn't hold this up.

One nit - You need to update the IANA registry entries for all of the affected directives in the IANA Considerations section.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/spec-reviews/issues/42#issuecomment-219970496