W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2012

ISSUE-35: Should we add an "httpOnly" like directive to CSP to indicate that the state of this policy is not available to the script APIs?

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Fri, 02 Nov 2012 09:08:47 +0000
Message-Id: <E1TUDF9-0008Cs-7g@nelson.w3.org>
To: public-webappsec@w3.org

ISSUE-35: Should we add an "httpOnly" like directive to CSP to indicate that the state of this policy is not available to the script APIs?

http://www.w3.org/2011/webappsec/track/issues/35

Raised by: 
On product:

Received on Friday, 2 November 2012 09:08:51 UTC

This message: [ Message body ]
Next message: L. David Baron: "CSP, style-src, and what it means to ignore style attributes"
Previous message: Web Application Security Working Group Issue Tracker: "ISSUE-34: Discuss use cases / risks of script access to CSP information, solicit specific public comment on this feature with FPWD"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:59 UTC