Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive?

On 7/23/12 4:09 PM, Devdatta Akhawe wrote:
> I agree with Mike and like #2 more. [...]
> Note that Mike's suggestion allows for application/foobar, where
> application/foobar is not a mime type that the browser knows what to
> do with (and the browser could say that in the console). But it will
> fail loudly for just application (e.g., if developer mistakenly put a
> space and typed out application / foobar )

In the common case they're both about the same: most of the time
pages will have one plugin and "application/ foobar" will fail to
load it. If developers are testing their site they'll notice under
option #1, and if they aren't testing then failing more with option
#2 is unlikely to help much.

Option 1 had the benefit of allowing for future expansion, although
I can't imagine what that would be at this time.


Received on Monday, 23 July 2012 23:32:44 UTC