Re: Advice about unprefixing Content-Security-Policy in WebKit

On Wed, 29 Aug 2012 01:49:16 +0200, Adam Barth <w3c@adambarth.com> wrote:

> The one wrinkle in this plan is the handling of path restrictions in
> source lists.  This is one area where CSP 1.1 changes the semantics of
> a CSP 1.0 directive.  I was thinking we might enforce path
> restrictions for both Content-Security-Policy and the X-WebKit-CSP.
> There are two reasons why this seems like a good idea:
>
> 1) We can always loosen these restrictions later without breaking
> content (e.g., if CSP 1.1 drops path restrictions).
>
> 2) Enforcing these restrictions from the beginning lessens the chance
> that we'll break content by adding them later when CSP 1.1 advances to
> CR.

Hm, I thought I yay'ed this but can't see my reply.

Anyway, I think doing strict path checking as early as possible is smart  
and support it, yay :-)

-- 
Odin Hørthe Omdal (Velmont/odinho) · Core, Opera Software, http://opera.com

Received on Monday, 15 October 2012 14:23:11 UTC
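
The path-restriction difference discussed in the quoted message, as an added example that is not part of the original thread and is not WebKit's code: a simplified source-list matcher run with and without path enforcement. It assumes the trailing-slash prefix rule later specified in CSP Level 2; the source list, hosts and URLs are constructed.

```javascript
// Added illustration: simplified CSP source-list matcher, not WebKit's implementation.
// Handles only "scheme://host[:port][/path]" expressions (no keywords, no wildcards).
// Assumed path rule: a trailing "/" means prefix match, otherwise exact match.
function parseSource(expr) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/:]+)(?::(\d+))?(\/.*)?$/i.exec(expr);
  if (!m) throw new Error("unsupported source expression: " + expr);
  return { scheme: m[1].toLowerCase(), host: m[2].toLowerCase(), port: m[3] || "", path: m[4] || "" };
}

function defaultPort(scheme) {
  return scheme === "https" ? "443" : scheme === "http" ? "80" : "";
}

function decode(s) {
  try { return decodeURIComponent(s); } catch (e) { return null; } // malformed escape: never match
}

function matchesSource(expr, url, enforcePaths) {
  const src = parseSource(expr);
  const u = new URL(url); // also resolves "." and ".." segments before matching
  const scheme = u.protocol.slice(0, -1);
  if (scheme !== src.scheme || u.hostname !== src.host) return false;
  if ((u.port || defaultPort(scheme)) !== (src.port || defaultPort(src.scheme))) return false;
  if (!enforcePaths || src.path === "") return true; // host-only matching
  const want = decode(src.path), got = decode(u.pathname);
  if (want === null || got === null) return false;
  return want.endsWith("/") ? got.startsWith(want) : got === want;
}

function allowed(sourceList, url, enforcePaths) {
  return sourceList.split(/\s+/).filter(Boolean).some((e) => matchesSource(e, url, enforcePaths));
}

// Constructed source list and URLs for the comparison.
const SOURCES = "https://cdn.example.com/js/ https://api.example.com/v1/status";
const URLS = [
  "https://cdn.example.com/js/app.js",
  "https://cdn.example.com/uploads/user.js",
  "https://cdn.example.com/js/../uploads/user.js",
  "https://api.example.com/v1/status",
  "https://api.example.com/v1/status/extra",
];

function compare(sourceList, urls) {
  return urls.map((url) => ({ url, hostOnly: allowed(sourceList, url, false), withPaths: allowed(sourceList, url, true) }));
}

// Point 1 of the quoted message: dropping path checks later only adds allowed loads.
function looseningBreaksNothing(rows) {
  return rows.every((r) => !r.withPaths || r.hostOnly);
}

console.table(compare(SOURCES, URLS));
```

The rows where `hostOnly` is true and `withPaths` is false are the loads that would start failing if path enforcement were added after content had already shipped against host-only matching.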