Re: Sub-origins

I imagine that there might be a helper function defined, or that developers
could do it themselves, or that you could have API sugar that helps out.


On Mon, Aug 26, 2013 at 3:39 PM, Devdatta Akhawe <>wrote:

> > Content-Security-Policy: sandbox suborigin:'isolateme'
> >
> > Where the result of this is to set the origin representation to an
> > HMAC_SHA256 of the origin with "isolateme" as the key.
> >
> > This gives the ability to developers to create convenient names for
> > arbitrary groupings of site functionality, makes it extraordinarily
> I imagine that this is what an implementation might do. I am curious
> about how developers would use it. For example, in an API like
> postMessage where the developer has to name and use the origin (or in
> CORS), the current proposal requires the developer to say
> "{, isolateme}". Do you envision the developer writing this
> HMAC value in the target origin field?
> thanks
> Dev

Received on Monday, 26 August 2013 22:42:34 UTC