- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 15 Oct 2012 09:07:55 -0700
- To: Fred Andrews <fredandw@live.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Oct 15, 2012 at 7:36 AM, Fred Andrews <fredandw@live.com> wrote: > Does the CSP report-uri need to satisfy the same-origin restrictions? Nope. An earlier version of the specification had that requirement, but the current version does not. > Sorry it did not pop out at me reading the spec. and given that reporting > seems to be silent to the user in most implementations it would appear to be > a DDOS attack issue. It's not any more of a DDOS issue than the <img> element. Adam
Received on Monday, 15 October 2012 16:08:57 UTC