Re: [filter-effects][css-masking] Move security model for resources to CSP

I'd agree. It does seem, however, that these should also be subject to CSP
restrictions, above and beyond the target origin enabling access via CORS.

Does tying the resource loads to the 'style-src' directive make sense?

-mike

--
Mike West <mkwst@google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91


On Fri, Apr 5, 2013 at 11:56 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Fri, Apr 5, 2013 at 6:58 AM, Dirk Schulze <dschulze@adobe.com> wrote:
> > CSS Masking and Filter Effects describe a security model ... Content
> Security Policy (CSP) spec.
>
> The drafts are referencing CORS instead, which seems more appropriate
> for what is going on. We are protecting the resource that is being
> loaded right, not the page itself?
>
>
> --
> http://annevankesteren.nl/
>
>

Received on Friday, 5 April 2013 12:03:48 UTC