W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2013

webappsec-ISSUE-47: Revisit combinations of header and meta tags [CSP 1.1]

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Thu, 25 Apr 2013 18:38:03 +0000
Message-Id: <E1UVR3T-0002OQ-Ey@nelson.w3.org>
To: public-webappsec@w3.org
webappsec-ISSUE-47: Revisit combinations of header and meta tags [CSP 1.1]

http://www.w3.org/2011/webappsec/track/issues/47

Raised by: Brad Hill
On product: CSP 1.1

If an expected use case of the meta tag is to allow some setup to be done before locking down the policy, the restriction preventing meta from being used in combination with a header policy may not be useful.  Also, the script interfaces have similar functionality that is not restricted to the <head>.

To raise on list.
Received on Thursday, 25 April 2013 18:38:08 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC