W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2012

Re: CSP 1.0: Are UAs permitted to implement reporting as opt-in?

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 17 Oct 2012 18:05:11 -0400
Message-ID: <507F2B97.2090500@mit.edu>
To: Fred Andrews <fredandw@live.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 10/17/12 5:44 PM, Fred Andrews wrote:
> If the server can't rely on this then why does CSP require the UA to
> send a report when requested?

An excellent question, to which I do not know the answer, since I wasn't 
involved in writing that part of the spec.  But presumably the idea is 
to make it more likely that the server will get the report, in common 

Received on Wednesday, 17 October 2012 22:05:40 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:59 UTC