Report-uri same-origin restrictions?

From: Fred Andrews <fredandw@live.com>
Date: Mon, 15 Oct 2012 14:36:16 +0000
Message-ID: <BLU002-W46033B081EF231BC126D1FAA710@phx.gbl>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

Does the CSP report-uri need to satisfy the same-origin restrictions?

Sorry, it did not pop out at me reading the spec, and given that reporting seems to be silent to the user in most implementations, it would appear to be a DDoS attack issue.

The matter is addressed here in section 'Restrictions on policy-uri and report-uri':


Received on Monday, 15 October 2012 14:36:46 UTC