webappsec-ISSUE-46 (Does nonce make CSP header security-sensitive): Does inclusion of things like nonce make CSP a sensitive header? [CSP 1.1]

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Thu, 25 Apr 2013 18:01:45 +0000
Message-Id: <E1UVQUL-00083o-MB@crusher.w3.org>
To: public-webappsec@w3.org
webappsec-ISSUE-46 (Does nonce make CSP header security-sensitive): Does inclusion of things like nonce make CSP a sensitive header? [CSP 1.1]

http://www.w3.org/2011/webappsec/track/issues/46

Raised by: Daniel Veditz
On product: CSP 1.1

Should CSP be hidden from e.g. XHR as a security-sensitive header once it contains secrets like nonce?
Received on Thursday, 25 April 2013 18:01:50 UTC