- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Mon, 05 Mar 2012 18:04:58 -0800
- To: "Hill, Brad" <bhill@paypal-inc.com>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
KEEP -- any latency hit is entirely optional and in some cases could even lead to overall better performance; potentially more secure than a <meta> tag since it keeps the security measure outside the potentially hacked document content. On 3/5/12 2:10 PM, Hill, Brad wrote: > One of the last remaining issues for CSP 1.0 is whether to include > the “policy-uri” directive. Adam has previously summarized the > points in favor and against at: > > > > http://lists.w3.org/Archives/Public/public-webappsec/2012Feb/0034.html > > > > We discussed this on the last teleconference, without a resolution, > so EKR suggested we take it to a straw poll of the WG. > > > > Please reply to this poll with your preference to “KEEP” or “REMOVE” > the policy-uri directive. > > > > Thanks, > > > Brad Hill >
Received on Tuesday, 6 March 2012 02:05:43 UTC