- From: Adam Barth <w3c@adambarth.com>
- Date: Sun, 23 Sep 2012 08:15:41 -0700
- To: Erlend Oftedal <eoftedal@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

On Sun, Sep 23, 2012 at 5:57 AM, Erlend Oftedal <eoftedal@gmail.com> wrote:
> Flash, silverlight, java and friends can also make http connections. This is
> controlled by policies like crossdomain.xml and clientaccesspolicy.xml on
> the receiving end, but what about the browser? Does connect-src also apply
> to these plugins? Could it? Should it?

Generally speaking, the behavior of plugins in this area isn't defined by W3C specifications. For example, there are no W3C specifications for crossdomain.xml or clientaccesspolicy.xml.

If I were writing one of these plugins, I would make them respect the connect-src directive, however.

Adam

Received on Sunday, 23 September 2012 15:16:42 UTC