W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2012

Re: CSP 1.0: Are UAs permitted to implement reporting as opt-in?

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 17 Oct 2012 12:23:10 -0400
Message-ID: <507EDB6E.5010805@mit.edu>
To: public-webappsec@w3.org

On 10/17/12 6:49 AM, Fred Andrews wrote:
> Just to clarify, when reporting is required the server can depend on the
> absence of a report when it trips its own policy to signal that the UA has not
> implemented the policy.

Dan's point was that no, the server can't rely on this.

-Boris

Received on Wednesday, 17 October 2012 16:23:38 UTC

This message: [ Message body ]
Next message: Fred Andrews: "RE: CSP 1.0: Are UAs permitted to implement reporting as opt-in?"
Previous message: Adam Barth: "Re: CSP 1.0: Are UAs permitted to implement reporting as opt-in?"
In reply to: Fred Andrews: "RE: CSP 1.0: Are UAs permitted to implement reporting as opt-in?"
Next in thread: Fred Andrews: "RE: CSP 1.0: Are UAs permitted to implement reporting as opt-in?"
Reply: Fred Andrews: "RE: CSP 1.0: Are UAs permitted to implement reporting as opt-in?"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:29 UTC