- From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Thu, 25 Apr 2013 18:01:45 +0000
- To: public-webappsec@w3.org
webappsec-ISSUE-46 (Does nonce make CSP header security-sensitive): Does inclusion of things like nonce make CSP a sensitive header? [CSP 1.1] http://www.w3.org/2011/webappsec/track/issues/46 Raised by: Daniel Veditz On product: CSP 1.1 Should CSP be hidden from e.g. XHR as a security-sensitive header once it contains secrets like nonce.
Received on Thursday, 25 April 2013 18:01:50 UTC