Re: CSP 1.1: More granular source list definitions. from Tom Ritter on 2012-07-02 (public-webappsec@w3.org from July 2012)

From: Tom Ritter <tom@ritter.vg>
Date: Mon, 2 Jul 2012 08:09:20 -0400
To: Odin Hørthe Omdal <odinho@opera.com>
Cc: public-webappsec@w3.org
Message-ID: <CA+cU71kUfuqyNr0c_uPJS7vANrBtbUdC1TBtFV3oa5bTXC3X_w@mail.gmail.com>

On Jul 2, 2012 7:46 AM, "Odin Hørthe Omdal" <odinho@opera.com> wrote:
> So if CSP 1.0 is allowed to live a long time in a browser, the behavior
we have now might actually be mandatory for site-compat.

Unless 1.1 adds a version parameter in the header, and the lack of it is
defined as being 1.0.

If course this will be the only opportunity to do it.

-tom

Received on Monday, 2 July 2012 12:09:47 UTC