CSP connect-src and browser plugins from Erlend Oftedal on 2012-09-23 (public-webappsec@w3.org from September 2012)

From: Erlend Oftedal <eoftedal@gmail.com>
Date: Sun, 23 Sep 2012 14:57:24 +0200
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <8599897274237076017@unknownmsgid>

Flash, silverlight, java and friends can also make http connections. This
is controlled by policies like crossdomain.xml and clientaccesspolicy.xml
on the receiving end, but what about the browser? Does connect-src also
apply to these plugins? Could it? Should it?

Erlend

Received on Sunday, 23 September 2012 12:57:54 UTC