- From: Mike West <notifications@github.com>
- Date: Tue, 30 Jun 2020 05:21:27 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 30 June 2020 12:21:39 UTC
We think it's valuable to be able to report upon one policy, while enforcing another. This gives folks the ability to migrate from the weaker `same-origin-allow-popups` to the stricter `same-origin` by enforcing the former, and reporting upon the latter. Once they drive the reports down to a point at which they're happy, they can enforce the latter.

It's certainly plausible to obtain this result by specifying the reported policy via a syntax that jammed everything into one header. I think we've taken a multi-header approach here ([and in COEP](https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO)) simply for consistency with things like CSP rather than any practical reason unique to this mechanism.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/527#issuecomment-651756334
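The migration described in the message above, sketched as an added example (not part of the original message or of any project's code): enforce the weaker value, report on the stricter one, and promote it once report-only violations drop to a chosen threshold. The `coop` endpoint name, the threshold and the sample reports are constructed, and the report fields `disposition` and `effectivePolicy` are assumed to follow the COOP reporting format.

```javascript
// Added example. The "coop" endpoint name, the threshold and SAMPLE_REPORTS
// are constructed; the endpoint itself must be declared separately via the
// Reporting API.
const STRICTNESS = ["unsafe-none", "same-origin-allow-popups", "same-origin"];

// Enforce `enforced` while only reporting on the stricter `candidate`.
function migrationHeaders(enforced, candidate, endpoint = "coop") {
  const e = STRICTNESS.indexOf(enforced), c = STRICTNESS.indexOf(candidate);
  if (e < 0 || c < 0) throw new RangeError("unknown COOP value");
  if (c <= e) throw new RangeError("candidate must be stricter than the enforced policy");
  return {
    "Cross-Origin-Opener-Policy": `${enforced}; report-to="${endpoint}"`,
    "Cross-Origin-Opener-Policy-Report-Only": `${candidate}; report-to="${endpoint}"`,
  };
}

// Count report-only violations of `candidate`, grouped by reporting page URL.
function reportOnlyViolations(reports, candidate) {
  const perPage = new Map();
  for (const r of reports) {
    if (r.type !== "coop" || !r.body) continue;        // other report types share the endpoint
    if (r.body.disposition !== "reporting") continue;  // skip reports from the enforced policy
    if (r.body.effectivePolicy !== candidate) continue;
    perPage.set(r.url, (perPage.get(r.url) || 0) + 1);
  }
  return perPage;
}

// Keep the two-header stage while reports exceed `maxReports`; otherwise
// enforce the candidate and drop the report-only header.
function nextHeaders(enforced, candidate, reports, maxReports = 0, endpoint = "coop") {
  const counts = [...reportOnlyViolations(reports, candidate).values()];
  const total = counts.reduce((a, b) => a + b, 0);
  if (total > maxReports) return migrationHeaders(enforced, candidate, endpoint);
  return { "Cross-Origin-Opener-Policy": `${candidate}; report-to="${endpoint}"` };
}

// Constructed sample reports, shaped like Reporting API deliveries.
const SAMPLE_REPORTS = [
  { type: "coop", url: "https://app.example/checkout", body: { disposition: "reporting", effectivePolicy: "same-origin" } },
  { type: "coop", url: "https://app.example/checkout", body: { disposition: "reporting", effectivePolicy: "same-origin" } },
  { type: "coop", url: "https://app.example/login", body: { disposition: "enforce", effectivePolicy: "same-origin-allow-popups" } },
  { type: "csp-violation", url: "https://app.example/", body: {} },
];
```

Grouping by page URL shows which pages still depend on the weaker policy before the stricter one is enforced.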