- From: Fred Andrews <fredandw@live.com>
- Date: Wed, 17 Oct 2012 21:44:23 +0000
- To: Boris Zbarsky <bzbarsky@mit.edu>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Wednesday, 17 October 2012 21:44:49 UTC
Hi Boris, If the server can't rely on this then why does CSP require the UA to send a report when requested? cheers Fred > Date: Wed, 17 Oct 2012 12:23:10 -0400 > From: bzbarsky@MIT.EDU > To: public-webappsec@w3.org > Subject: Re: CSP 1.0: Are UAs permitted to implement reporting as opt-in? > > On 10/17/12 6:49 AM, Fred Andrews wrote: > > Just to clarify, when reporting is required the server can depend on the > > absence of a report when it trips its own policy to signal that the UA has not > > implemented the policy. > > Dan's point was that no, the server can't rely on this. > > -Boris >
Received on Wednesday, 17 October 2012 21:44:49 UTC