Re: Transition Request: Content Security Policy to FPWD

On Tue, Nov 29, 2011 at 5:15 AM, Thomas Roessler wrote:
> Thanks and congratulations, Brad, EKR, Brandon, Adam.  Short name and
> transition approved.
> Before we publish this, the status section should have a few brief words
> that are non-boilerplate.  In this case, it may be useful to point out that
> the spec is unusually mature for an FPWD, and that experimental
> implementations already exist.
> Once that text is in the draft, I'll proceed with a publication request;
> let's aim at this Thursday as the publication date.


Although a FPWD, this document describes a proposal that has been
floating around for the better part of a year. There are experimental
implementations in Firefox and Chrome, using the header names
X-Content-Security-Policy and X-WebKit-CSP respectively. Internet
Explorer 10 Platform Preview also contains a partial implementation,
using the header name X-Content-Security-Policy.

In addition to the documents in the W3C Web Application Security
working group, the work on this document is also informed by the work
of the IETF websec working group, particularly that working group's
requirements document: draft-hodges-websec-framework-reqs


> Thanks much,
> --
> Thomas Roessler, W3C (@roessler)
> On 2011-11-29, at 01:07 +0100, Hill, Brad wrote:
> Thomas,
> On behalf of the Web Application Security WG we request that the Content
> Security Policy specification transition to First Public Working Draft in
> the following location:
> Content Security Policy (CSP)
> This can be published effective immediately (Nov 28).
> The abstract and scope may be found in the document itself, currently at:
> The WG has documented its agreement to advance this document by issuing a
> Call for Consensus,
> resolved issues raised thereby, and agreed to proceed during our call on Nov
> 22.
> Thank you,
> Brad Hill

Received on Tuesday, 29 November 2011 19:41:39 UTC