- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Wed, 02 May 2012 15:39:10 -0700
- To: Michal Zalewski <lcamtuf@coredump.cx>
- CC: "Hill, Brad" <bhill@paypal-inc.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 5/2/12 12:39 PM, Michal Zalewski wrote: > I think this is more elegantly solved by allowing full URL or possibly > path scoping as an alternative to origin scoping for existing CSP > directives. That was also proposed and there was much more support to address that in a near-future revision of CSP than the proposed JSONP directive. In fact we are probably going to adjust our 1.0 syntax/parsing rules so that we can more easily extend it in 1.1 without breaking existing 1.0-supporting clients. -Dan Veditz
Received on Wednesday, 2 May 2012 22:39:47 UTC